//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension VerifiedPermissions {
    // MARK: Enums

    public enum BatchGetPolicyErrorCode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case policyNotFound = "POLICY_NOT_FOUND"
        case policyStoreNotFound = "POLICY_STORE_NOT_FOUND"
        public var description: String { return self.rawValue }
    }

    public enum CedarVersion: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case cedar2 = "CEDAR_2"
        case cedar4 = "CEDAR_4"
        public var description: String { return self.rawValue }
    }

    public enum Decision: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case allow = "ALLOW"
        case deny = "DENY"
        public var description: String { return self.rawValue }
    }

    public enum DeletionProtection: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case disabled = "DISABLED"
        case enabled = "ENABLED"
        public var description: String { return self.rawValue }
    }

    public enum OpenIdIssuer: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case cognito = "COGNITO"
        public var description: String { return self.rawValue }
    }

    public enum PolicyEffect: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case forbid = "Forbid"
        case permit = "Permit"
        public var description: String { return self.rawValue }
    }

    public enum PolicyType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case `static` = "STATIC"
        case templateLinked = "TEMPLATE_LINKED"
        public var description: String { return self.rawValue }
    }

    public enum ResourceType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case identitySource = "IDENTITY_SOURCE"
        case policy = "POLICY"
        case policyStore = "POLICY_STORE"
        case policyTemplate = "POLICY_TEMPLATE"
        case schema = "SCHEMA"
        public var description: String { return self.rawValue }
    }

    public enum ValidationMode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case off = "OFF"
        case strict = "STRICT"
        public var description: String { return self.rawValue }
    }

    public enum AttributeValue: AWSEncodableShape & AWSDecodableShape, Sendable {
        /// An attribute value of Boolean type. Example: {"boolean": true}
        case boolean(Bool)
        /// An attribute value of decimal type. Example: {"decimal": "1.1"}
        case decimal(String)
        /// An attribute value of type EntityIdentifier. Example: "entityIdentifier": { "entityId": "&lt;id&gt;", "entityType": "&lt;entity type&gt;"}
        case entityIdentifier(EntityIdentifier)
        /// An attribute value of ipaddr type. Example: {"ip": "192.168.1.100"}
        case ipaddr(String)
        /// An attribute value of Long type. Example: {"long": 0}
        case long(Int64)
        /// An attribute value of Record type. Example: {"record": { "keyName": {} } }
        case record([String: AttributeValue])
        /// An attribute value of Set type. Example: {"set": [ {} ] }
        case set([AttributeValue])
        /// An attribute value of String type. Example: {"string": "abc"}
        case string(String)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .boolean:
                let value = try container.decode(Bool.self, forKey: .boolean)
                self = .boolean(value)
            case .decimal:
                let value = try container.decode(String.self, forKey: .decimal)
                self = .decimal(value)
            case .entityIdentifier:
                let value = try container.decode(EntityIdentifier.self, forKey: .entityIdentifier)
                self = .entityIdentifier(value)
            case .ipaddr:
                let value = try container.decode(String.self, forKey: .ipaddr)
                self = .ipaddr(value)
            case .long:
                let value = try container.decode(Int64.self, forKey: .long)
                self = .long(value)
            case .record:
                let value = try container.decode([String: AttributeValue].self, forKey: .record)
                self = .record(value)
            case .set:
                let value = try container.decode([AttributeValue].self, forKey: .set)
                self = .set(value)
            case .string:
                let value = try container.decode(String.self, forKey: .string)
                self = .string(value)
            }
        }

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .boolean(let value):
                try container.encode(value, forKey: .boolean)
            case .decimal(let value):
                try container.encode(value, forKey: .decimal)
            case .entityIdentifier(let value):
                try container.encode(value, forKey: .entityIdentifier)
            case .ipaddr(let value):
                try container.encode(value, forKey: .ipaddr)
            case .long(let value):
                try container.encode(value, forKey: .long)
            case .record(let value):
                try container.encode(value, forKey: .record)
            case .set(let value):
                try container.encode(value, forKey: .set)
            case .string(let value):
                try container.encode(value, forKey: .string)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .decimal(let value):
                try self.validate(value, name: "decimal", parent: name, max: 23)
                try self.validate(value, name: "decimal", parent: name, min: 3)
                try self.validate(value, name: "decimal", parent: name, pattern: "^-?\\d{1,15}\\.\\d{1,4}$")
            case .entityIdentifier(let value):
                try value.validate(name: "\(name).entityIdentifier")
            case .ipaddr(let value):
                try self.validate(value, name: "ipaddr", parent: name, max: 44)
                try self.validate(value, name: "ipaddr", parent: name, min: 1)
                try self.validate(value, name: "ipaddr", parent: name, pattern: "^[0-9a-fA-F\\.:\\/]*$")
            case .record(let value):
                try value.forEach {
                    try $0.value.validate(name: "\(name).record[\"\($0.key)\"]")
                }
            case .set(let value):
                try value.forEach {
                    try $0.validate(name: "\(name).set[]")
                }
            default:
                break
            }
        }

        private enum CodingKeys: String, CodingKey {
            case boolean = "boolean"
            case decimal = "decimal"
            case entityIdentifier = "entityIdentifier"
            case ipaddr = "ipaddr"
            case long = "long"
            case record = "record"
            case set = "set"
            case string = "string"
        }
    }

    public enum Configuration: AWSEncodableShape, Sendable {
        /// Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool and one or more application client IDs. Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}}
        case cognitoUserPoolConfiguration(CognitoUserPoolConfiguration)
        /// Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details. Example:"configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}}
        case openIdConnectConfiguration(OpenIdConnectConfiguration)

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .cognitoUserPoolConfiguration(let value):
                try container.encode(value, forKey: .cognitoUserPoolConfiguration)
            case .openIdConnectConfiguration(let value):
                try container.encode(value, forKey: .openIdConnectConfiguration)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .cognitoUserPoolConfiguration(let value):
                try value.validate(name: "\(name).cognitoUserPoolConfiguration")
            case .openIdConnectConfiguration(let value):
                try value.validate(name: "\(name).openIdConnectConfiguration")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case cognitoUserPoolConfiguration = "cognitoUserPoolConfiguration"
            case openIdConnectConfiguration = "openIdConnectConfiguration"
        }
    }

    public enum ConfigurationDetail: AWSDecodableShape, Sendable {
        /// Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool, the policy store entity that you want to assign to user groups, and one or more application client IDs. Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}}
        case cognitoUserPoolConfiguration(CognitoUserPoolConfigurationDetail)
        /// Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details. Example:"configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}}
        case openIdConnectConfiguration(OpenIdConnectConfigurationDetail)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .cognitoUserPoolConfiguration:
                let value = try container.decode(CognitoUserPoolConfigurationDetail.self, forKey: .cognitoUserPoolConfiguration)
                self = .cognitoUserPoolConfiguration(value)
            case .openIdConnectConfiguration:
                let value = try container.decode(OpenIdConnectConfigurationDetail.self, forKey: .openIdConnectConfiguration)
                self = .openIdConnectConfiguration(value)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case cognitoUserPoolConfiguration = "cognitoUserPoolConfiguration"
            case openIdConnectConfiguration = "openIdConnectConfiguration"
        }
    }

    public enum ConfigurationItem: AWSDecodableShape, Sendable {
        /// Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool, the policy store entity that you want to assign to user groups, and one or more application client IDs. Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}}
        case cognitoUserPoolConfiguration(CognitoUserPoolConfigurationItem)
        /// Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details. Example:"configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}}
        case openIdConnectConfiguration(OpenIdConnectConfigurationItem)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .cognitoUserPoolConfiguration:
                let value = try container.decode(CognitoUserPoolConfigurationItem.self, forKey: .cognitoUserPoolConfiguration)
                self = .cognitoUserPoolConfiguration(value)
            case .openIdConnectConfiguration:
                let value = try container.decode(OpenIdConnectConfigurationItem.self, forKey: .openIdConnectConfiguration)
                self = .openIdConnectConfiguration(value)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case cognitoUserPoolConfiguration = "cognitoUserPoolConfiguration"
            case openIdConnectConfiguration = "openIdConnectConfiguration"
        }
    }

    public enum ContextDefinition: AWSEncodableShape & AWSDecodableShape, Sendable {
        /// A Cedar JSON string representation of the context needed to successfully evaluate an authorization request. Example: {"cedarJson":"{\"&lt;KeyName1&gt;\": true, \"&lt;KeyName2&gt;\": 1234}" }
        case cedarJson(String)
        /// An list of attributes that are needed to successfully evaluate an authorization request. Each attribute in this array must include a map of a data type and its value. Example: "contextMap":{"&lt;KeyName1&gt;":{"boolean":true},"&lt;KeyName2&gt;":{"long":1234}}
        case contextMap([String: AttributeValue])

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .cedarJson:
                let value = try container.decode(String.self, forKey: .cedarJson)
                self = .cedarJson(value)
            case .contextMap:
                let value = try container.decode([String: AttributeValue].self, forKey: .contextMap)
                self = .contextMap(value)
            }
        }

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .cedarJson(let value):
                try container.encode(value, forKey: .cedarJson)
            case .contextMap(let value):
                try container.encode(value, forKey: .contextMap)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .contextMap(let value):
                try value.forEach {
                    try $0.value.validate(name: "\(name).contextMap[\"\($0.key)\"]")
                }
            default:
                break
            }
        }

        private enum CodingKeys: String, CodingKey {
            case cedarJson = "cedarJson"
            case contextMap = "contextMap"
        }
    }

    public enum EntitiesDefinition: AWSEncodableShape, Sendable {
        /// A Cedar JSON string representation of the entities needed to successfully evaluate an authorization request. Example: {"cedarJson": "[{\"uid\":{\"type\":\"Photo\",\"id\":\"VacationPhoto94.jpg\"},\"attrs\":{\"accessLevel\":\"public\"},\"parents\":[]}]"}
        case cedarJson(String)
        /// An array of entities that are needed to successfully evaluate an authorization request. Each entity in this array must include an identifier for the entity, the attributes of the entity, and a list of any parent entities.  If you include multiple entities with the same identifier, only the last one is processed in the request.
        case entityList([EntityItem])

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .cedarJson(let value):
                try container.encode(value, forKey: .cedarJson)
            case .entityList(let value):
                try container.encode(value, forKey: .entityList)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .entityList(let value):
                try value.forEach {
                    try $0.validate(name: "\(name).entityList[]")
                }
            default:
                break
            }
        }

        private enum CodingKeys: String, CodingKey {
            case cedarJson = "cedarJson"
            case entityList = "entityList"
        }
    }

    public enum EntityReference: AWSEncodableShape, Sendable {
        /// The identifier of the entity. It can consist of either an EntityType and EntityId, a principal, or a resource.
        case identifier(EntityIdentifier)
        /// Used to indicate that a principal or resource is not specified. This can be used to search for policies that are not associated with a specific principal or resource.
        case unspecified(Bool)

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .identifier(let value):
                try container.encode(value, forKey: .identifier)
            case .unspecified(let value):
                try container.encode(value, forKey: .unspecified)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .identifier(let value):
                try value.validate(name: "\(name).identifier")
            default:
                break
            }
        }

        private enum CodingKeys: String, CodingKey {
            case identifier = "identifier"
            case unspecified = "unspecified"
        }
    }

    public enum OpenIdConnectTokenSelection: AWSEncodableShape, Sendable {
        /// The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com, and the claim that you want to map to the principal, for example sub.
        case accessTokenOnly(OpenIdConnectAccessTokenConfiguration)
        /// The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789, and the claim that you want to map to the principal, for example sub.
        case identityTokenOnly(OpenIdConnectIdentityTokenConfiguration)

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .accessTokenOnly(let value):
                try container.encode(value, forKey: .accessTokenOnly)
            case .identityTokenOnly(let value):
                try container.encode(value, forKey: .identityTokenOnly)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .accessTokenOnly(let value):
                try value.validate(name: "\(name).accessTokenOnly")
            case .identityTokenOnly(let value):
                try value.validate(name: "\(name).identityTokenOnly")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case accessTokenOnly = "accessTokenOnly"
            case identityTokenOnly = "identityTokenOnly"
        }
    }

    public enum OpenIdConnectTokenSelectionDetail: AWSDecodableShape, Sendable {
        /// The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com, and the claim that you want to map to the principal, for example sub.
        case accessTokenOnly(OpenIdConnectAccessTokenConfigurationDetail)
        /// The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789, and the claim that you want to map to the principal, for example sub.
        case identityTokenOnly(OpenIdConnectIdentityTokenConfigurationDetail)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .accessTokenOnly:
                let value = try container.decode(OpenIdConnectAccessTokenConfigurationDetail.self, forKey: .accessTokenOnly)
                self = .accessTokenOnly(value)
            case .identityTokenOnly:
                let value = try container.decode(OpenIdConnectIdentityTokenConfigurationDetail.self, forKey: .identityTokenOnly)
                self = .identityTokenOnly(value)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case accessTokenOnly = "accessTokenOnly"
            case identityTokenOnly = "identityTokenOnly"
        }
    }

    public enum OpenIdConnectTokenSelectionItem: AWSDecodableShape, Sendable {
        /// The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com, and the claim that you want to map to the principal, for example sub.
        case accessTokenOnly(OpenIdConnectAccessTokenConfigurationItem)
        /// The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789, and the claim that you want to map to the principal, for example sub.
        case identityTokenOnly(OpenIdConnectIdentityTokenConfigurationItem)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .accessTokenOnly:
                let value = try container.decode(OpenIdConnectAccessTokenConfigurationItem.self, forKey: .accessTokenOnly)
                self = .accessTokenOnly(value)
            case .identityTokenOnly:
                let value = try container.decode(OpenIdConnectIdentityTokenConfigurationItem.self, forKey: .identityTokenOnly)
                self = .identityTokenOnly(value)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case accessTokenOnly = "accessTokenOnly"
            case identityTokenOnly = "identityTokenOnly"
        }
    }

    public enum PolicyDefinition: AWSEncodableShape, Sendable {
        /// A structure that describes a static policy. An static policy doesn't use a template or allow placeholders for entities.
        case `static`(StaticPolicyDefinition)
        /// A structure that describes a policy that was instantiated from a template. The template can specify placeholders for principal and resource. When you use CreatePolicy to create a policy from a template, you specify the exact principal and resource to use for the instantiated policy.
        case templateLinked(TemplateLinkedPolicyDefinition)

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .`static`(let value):
                try container.encode(value, forKey: .`static`)
            case .templateLinked(let value):
                try container.encode(value, forKey: .templateLinked)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .`static`(let value):
                try value.validate(name: "\(name).`static`")
            case .templateLinked(let value):
                try value.validate(name: "\(name).templateLinked")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case `static` = "static"
            case templateLinked = "templateLinked"
        }
    }

    public enum PolicyDefinitionDetail: AWSDecodableShape, Sendable {
        /// Information about a static policy that wasn't created with a policy template.
        case `static`(StaticPolicyDefinitionDetail)
        /// Information about a template-linked policy that was created by instantiating a policy template.
        case templateLinked(TemplateLinkedPolicyDefinitionDetail)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .`static`:
                let value = try container.decode(StaticPolicyDefinitionDetail.self, forKey: .`static`)
                self = .`static`(value)
            case .templateLinked:
                let value = try container.decode(TemplateLinkedPolicyDefinitionDetail.self, forKey: .templateLinked)
                self = .templateLinked(value)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case `static` = "static"
            case templateLinked = "templateLinked"
        }
    }

    public enum PolicyDefinitionItem: AWSDecodableShape, Sendable {
        /// Information about a static policy that wasn't created with a policy template.
        case `static`(StaticPolicyDefinitionItem)
        /// Information about a template-linked policy that was created by instantiating a policy template.
        case templateLinked(TemplateLinkedPolicyDefinitionItem)

        public init(from decoder: Decoder) throws {
            let container = try decoder.container(keyedBy: CodingKeys.self)
            guard container.allKeys.count == 1, let key = container.allKeys.first else {
                let context = DecodingError.Context(
                    codingPath: container.codingPath,
                    debugDescription: "Expected exactly one key, but got \(container.allKeys.count)"
                )
                throw DecodingError.dataCorrupted(context)
            }
            switch key {
            case .`static`:
                let value = try container.decode(StaticPolicyDefinitionItem.self, forKey: .`static`)
                self = .`static`(value)
            case .templateLinked:
                let value = try container.decode(TemplateLinkedPolicyDefinitionItem.self, forKey: .templateLinked)
                self = .templateLinked(value)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case `static` = "static"
            case templateLinked = "templateLinked"
        }
    }

    public enum UpdateConfiguration: AWSEncodableShape, Sendable {
        /// Contains configuration details of a Amazon Cognito user pool.
        case cognitoUserPoolConfiguration(UpdateCognitoUserPoolConfiguration)
        /// Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
        case openIdConnectConfiguration(UpdateOpenIdConnectConfiguration)

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .cognitoUserPoolConfiguration(let value):
                try container.encode(value, forKey: .cognitoUserPoolConfiguration)
            case .openIdConnectConfiguration(let value):
                try container.encode(value, forKey: .openIdConnectConfiguration)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .cognitoUserPoolConfiguration(let value):
                try value.validate(name: "\(name).cognitoUserPoolConfiguration")
            case .openIdConnectConfiguration(let value):
                try value.validate(name: "\(name).openIdConnectConfiguration")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case cognitoUserPoolConfiguration = "cognitoUserPoolConfiguration"
            case openIdConnectConfiguration = "openIdConnectConfiguration"
        }
    }

    public enum UpdateOpenIdConnectTokenSelection: AWSEncodableShape, Sendable {
        /// The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com, and the claim that you want to map to the principal, for example sub.
        case accessTokenOnly(UpdateOpenIdConnectAccessTokenConfiguration)
        /// The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789, and the claim that you want to map to the principal, for example sub.
        case identityTokenOnly(UpdateOpenIdConnectIdentityTokenConfiguration)

        public func encode(to encoder: Encoder) throws {
            var container = encoder.container(keyedBy: CodingKeys.self)
            switch self {
            case .accessTokenOnly(let value):
                try container.encode(value, forKey: .accessTokenOnly)
            case .identityTokenOnly(let value):
                try container.encode(value, forKey: .identityTokenOnly)
            }
        }

        public func validate(name: String) throws {
            switch self {
            case .accessTokenOnly(let value):
                try value.validate(name: "\(name).accessTokenOnly")
            case .identityTokenOnly(let value):
                try value.validate(name: "\(name).identityTokenOnly")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case accessTokenOnly = "accessTokenOnly"
            case identityTokenOnly = "identityTokenOnly"
        }
    }

    // MARK: Shapes

    public struct ActionIdentifier: AWSEncodableShape & AWSDecodableShape {
        /// The ID of an action.
        public let actionId: String
        /// The type of an action.
        public let actionType: String

        @inlinable
        public init(actionId: String, actionType: String) {
            self.actionId = actionId
            self.actionType = actionType
        }

        public func validate(name: String) throws {
            try self.validate(self.actionId, name: "actionId", parent: name, max: 200)
            try self.validate(self.actionId, name: "actionId", parent: name, min: 1)
            try self.validate(self.actionId, name: "actionId", parent: name, pattern: "^.*$")
            try self.validate(self.actionType, name: "actionType", parent: name, max: 200)
            try self.validate(self.actionType, name: "actionType", parent: name, min: 1)
            try self.validate(self.actionType, name: "actionType", parent: name, pattern: "^Action$|^.+::Action$")
        }

        private enum CodingKeys: String, CodingKey {
            case actionId = "actionId"
            case actionType = "actionType"
        }
    }

    public struct BatchGetPolicyErrorItem: AWSDecodableShape {
        /// The error code that was returned.
        public let code: BatchGetPolicyErrorCode
        /// A detailed error message.
        public let message: String
        /// The identifier of the policy associated with the failed request.
        public let policyId: String
        /// The identifier of the policy store associated with the failed request.
        public let policyStoreId: String

        @inlinable
        public init(code: BatchGetPolicyErrorCode, message: String, policyId: String, policyStoreId: String) {
            self.code = code
            self.message = message
            self.policyId = policyId
            self.policyStoreId = policyStoreId
        }

        private enum CodingKeys: String, CodingKey {
            case code = "code"
            case message = "message"
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct BatchGetPolicyInput: AWSEncodableShape {
        /// An array of up to 100 policies you want information about.
        public let requests: [BatchGetPolicyInputItem]

        @inlinable
        public init(requests: [BatchGetPolicyInputItem]) {
            self.requests = requests
        }

        public func validate(name: String) throws {
            try self.requests.forEach {
                try $0.validate(name: "\(name).requests[]")
            }
            try self.validate(self.requests, name: "requests", parent: name, max: 100)
            try self.validate(self.requests, name: "requests", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case requests = "requests"
        }
    }

    public struct BatchGetPolicyInputItem: AWSEncodableShape {
        /// The identifier of the policy you want information about.
        public let policyId: String
        /// The identifier of the policy store where the policy you want information about is stored.
        public let policyStoreId: String

        @inlinable
        public init(policyId: String, policyStoreId: String) {
            self.policyId = policyId
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyId, name: "policyId", parent: name, max: 200)
            try self.validate(self.policyId, name: "policyId", parent: name, min: 1)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct BatchGetPolicyOutput: AWSDecodableShape {
        /// Information about the policies from the request that resulted in an error. These results are returned in the order they were requested.
        public let errors: [BatchGetPolicyErrorItem]
        /// Information about the policies listed in the request that were successfully returned. These results are returned in the order they were requested.
        public let results: [BatchGetPolicyOutputItem]

        @inlinable
        public init(errors: [BatchGetPolicyErrorItem], results: [BatchGetPolicyOutputItem]) {
            self.errors = errors
            self.results = results
        }

        private enum CodingKeys: String, CodingKey {
            case errors = "errors"
            case results = "results"
        }
    }

    public struct BatchGetPolicyOutputItem: AWSDecodableShape {
        /// The date and time the policy was created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The policy definition of an item in the list of policies returned.
        public let definition: PolicyDefinitionDetail
        /// The date and time the policy was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The identifier of the policy you want information about.
        public let policyId: String
        /// The identifier of the policy store where the policy you want information about is stored.
        public let policyStoreId: String
        /// The type of the policy. This is one of the following values:    STATIC     TEMPLATE_LINKED
        public let policyType: PolicyType

        @inlinable
        public init(createdDate: Date, definition: PolicyDefinitionDetail, lastUpdatedDate: Date, policyId: String, policyStoreId: String, policyType: PolicyType) {
            self.createdDate = createdDate
            self.definition = definition
            self.lastUpdatedDate = lastUpdatedDate
            self.policyId = policyId
            self.policyStoreId = policyStoreId
            self.policyType = policyType
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "createdDate"
            case definition = "definition"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
            case policyType = "policyType"
        }
    }

    public struct BatchIsAuthorizedInput: AWSEncodableShape {
        /// (Optional) Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store.  You can include only principal and resource entities in this parameter; you can't include actions. You must specify actions in the schema.
        public let entities: EntitiesDefinition?
        /// Specifies the ID of the policy store. Policies in this policy store will be used to make the authorization decisions for the input.
        public let policyStoreId: String
        /// An array of up to 30 requests that you want Verified Permissions to evaluate.
        public let requests: [BatchIsAuthorizedInputItem]

        @inlinable
        public init(entities: EntitiesDefinition? = nil, policyStoreId: String, requests: [BatchIsAuthorizedInputItem]) {
            self.entities = entities
            self.policyStoreId = policyStoreId
            self.requests = requests
        }

        public func validate(name: String) throws {
            try self.entities?.validate(name: "\(name).entities")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.requests.forEach {
                try $0.validate(name: "\(name).requests[]")
            }
            try self.validate(self.requests, name: "requests", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case entities = "entities"
            case policyStoreId = "policyStoreId"
            case requests = "requests"
        }
    }

    public struct BatchIsAuthorizedInputItem: AWSEncodableShape & AWSDecodableShape {
        /// Specifies the requested action to be authorized. For example, PhotoFlash::ReadPhoto.
        public let action: ActionIdentifier?
        /// Specifies additional context that can be used to make more granular authorization decisions.
        public let context: ContextDefinition?
        /// Specifies the principal for which the authorization decision is to be made.
        public let principal: EntityIdentifier?
        /// Specifies the resource that you want an authorization decision for. For example, PhotoFlash::Photo.
        public let resource: EntityIdentifier?

        @inlinable
        public init(action: ActionIdentifier? = nil, context: ContextDefinition? = nil, principal: EntityIdentifier? = nil, resource: EntityIdentifier? = nil) {
            self.action = action
            self.context = context
            self.principal = principal
            self.resource = resource
        }

        public func validate(name: String) throws {
            try self.action?.validate(name: "\(name).action")
            try self.context?.validate(name: "\(name).context")
            try self.principal?.validate(name: "\(name).principal")
            try self.resource?.validate(name: "\(name).resource")
        }

        private enum CodingKeys: String, CodingKey {
            case action = "action"
            case context = "context"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct BatchIsAuthorizedOutput: AWSDecodableShape {
        /// A series of Allow or Deny decisions for each request, and the policies that produced them. These results are returned in the order they were requested.
        public let results: [BatchIsAuthorizedOutputItem]

        @inlinable
        public init(results: [BatchIsAuthorizedOutputItem]) {
            self.results = results
        }

        private enum CodingKeys: String, CodingKey {
            case results = "results"
        }
    }

    public struct BatchIsAuthorizedOutputItem: AWSDecodableShape {
        /// An authorization decision that indicates if the authorization request should be allowed or denied.
        public let decision: Decision
        /// The list of determining policies used to make the authorization decision. For example, if there are two matching policies, where one is a forbid and the other is a permit, then the forbid policy will be the determining policy. In the case of multiple matching permit policies then there would be multiple determining policies. In the case that no policies match, and hence the response is DENY, there would be no determining policies.
        public let determiningPolicies: [DeterminingPolicyItem]
        /// Errors that occurred while making an authorization decision. For example, a policy might reference an entity or attribute that doesn't exist in the request.
        public let errors: [EvaluationErrorItem]
        /// The authorization request that initiated the decision.
        public let request: BatchIsAuthorizedInputItem

        @inlinable
        public init(decision: Decision, determiningPolicies: [DeterminingPolicyItem], errors: [EvaluationErrorItem], request: BatchIsAuthorizedInputItem) {
            self.decision = decision
            self.determiningPolicies = determiningPolicies
            self.errors = errors
            self.request = request
        }

        private enum CodingKeys: String, CodingKey {
            case decision = "decision"
            case determiningPolicies = "determiningPolicies"
            case errors = "errors"
            case request = "request"
        }
    }

    public struct BatchIsAuthorizedWithTokenInput: AWSEncodableShape {
        /// Specifies an access token for the principal that you want to authorize in each request. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken, an identityToken, or both. Must be an access token. Verified Permissions returns an error if the token_use claim in the submitted token isn't access.
        public let accessToken: String?
        /// (Optional) Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store.  You can't include principals in this parameter, only resource and action entities. This parameter can't include any entities of a type that matches the user or group entity types that you defined in your identity source.   The BatchIsAuthorizedWithToken operation takes principal attributes from  only  the identityToken or accessToken passed to the operation.   For action entities, you can include only their Identifier and EntityType.
        public let entities: EntitiesDefinition?
        /// Specifies an identity (ID) token for the principal that you want to authorize in each request. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken, an identityToken, or both. Must be an ID token. Verified Permissions returns an error if the token_use claim in the submitted token isn't id.
        public let identityToken: String?
        /// Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.
        public let policyStoreId: String
        /// An array of up to 30 requests that you want Verified Permissions to evaluate.
        public let requests: [BatchIsAuthorizedWithTokenInputItem]

        @inlinable
        public init(accessToken: String? = nil, entities: EntitiesDefinition? = nil, identityToken: String? = nil, policyStoreId: String, requests: [BatchIsAuthorizedWithTokenInputItem]) {
            self.accessToken = accessToken
            self.entities = entities
            self.identityToken = identityToken
            self.policyStoreId = policyStoreId
            self.requests = requests
        }

        public func validate(name: String) throws {
            try self.validate(self.accessToken, name: "accessToken", parent: name, max: 131072)
            try self.validate(self.accessToken, name: "accessToken", parent: name, min: 1)
            try self.validate(self.accessToken, name: "accessToken", parent: name, pattern: "^[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+$")
            try self.entities?.validate(name: "\(name).entities")
            try self.validate(self.identityToken, name: "identityToken", parent: name, max: 131072)
            try self.validate(self.identityToken, name: "identityToken", parent: name, min: 1)
            try self.validate(self.identityToken, name: "identityToken", parent: name, pattern: "^[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.requests.forEach {
                try $0.validate(name: "\(name).requests[]")
            }
            try self.validate(self.requests, name: "requests", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case accessToken = "accessToken"
            case entities = "entities"
            case identityToken = "identityToken"
            case policyStoreId = "policyStoreId"
            case requests = "requests"
        }
    }

    public struct BatchIsAuthorizedWithTokenInputItem: AWSEncodableShape & AWSDecodableShape {
        /// Specifies the requested action to be authorized. For example, PhotoFlash::ReadPhoto.
        public let action: ActionIdentifier?
        /// Specifies additional context that can be used to make more granular authorization decisions.
        public let context: ContextDefinition?
        /// Specifies the resource that you want an authorization decision for. For example, PhotoFlash::Photo.
        public let resource: EntityIdentifier?

        @inlinable
        public init(action: ActionIdentifier? = nil, context: ContextDefinition? = nil, resource: EntityIdentifier? = nil) {
            self.action = action
            self.context = context
            self.resource = resource
        }

        public func validate(name: String) throws {
            try self.action?.validate(name: "\(name).action")
            try self.context?.validate(name: "\(name).context")
            try self.resource?.validate(name: "\(name).resource")
        }

        private enum CodingKeys: String, CodingKey {
            case action = "action"
            case context = "context"
            case resource = "resource"
        }
    }

    public struct BatchIsAuthorizedWithTokenOutput: AWSDecodableShape {
        /// The identifier of the principal in the ID or access token.
        public let principal: EntityIdentifier?
        /// A series of Allow or Deny decisions for each request, and the policies that produced them. These results are returned in the order they were requested.
        public let results: [BatchIsAuthorizedWithTokenOutputItem]

        @inlinable
        public init(principal: EntityIdentifier? = nil, results: [BatchIsAuthorizedWithTokenOutputItem]) {
            self.principal = principal
            self.results = results
        }

        private enum CodingKeys: String, CodingKey {
            case principal = "principal"
            case results = "results"
        }
    }

    public struct BatchIsAuthorizedWithTokenOutputItem: AWSDecodableShape {
        /// An authorization decision that indicates if the authorization request should be allowed or denied.
        public let decision: Decision
        /// The list of determining policies used to make the authorization decision. For example, if there are two matching policies, where one is a forbid and the other is a permit, then the forbid policy will be the determining policy. In the case of multiple matching permit policies then there would be multiple determining policies. In the case that no policies match, and hence the response is DENY, there would be no determining policies.
        public let determiningPolicies: [DeterminingPolicyItem]
        /// Errors that occurred while making an authorization decision. For example, a policy might reference an entity or attribute that doesn't exist in the request.
        public let errors: [EvaluationErrorItem]
        /// The authorization request that initiated the decision.
        public let request: BatchIsAuthorizedWithTokenInputItem

        @inlinable
        public init(decision: Decision, determiningPolicies: [DeterminingPolicyItem], errors: [EvaluationErrorItem], request: BatchIsAuthorizedWithTokenInputItem) {
            self.decision = decision
            self.determiningPolicies = determiningPolicies
            self.errors = errors
            self.request = request
        }

        private enum CodingKeys: String, CodingKey {
            case decision = "decision"
            case determiningPolicies = "determiningPolicies"
            case errors = "errors"
            case request = "request"
        }
    }

    public struct CognitoGroupConfiguration: AWSEncodableShape {
        /// The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup.
        public let groupEntityType: String

        @inlinable
        public init(groupEntityType: String) {
            self.groupEntityType = groupEntityType
        }

        public func validate(name: String) throws {
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, max: 200)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, min: 1)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, pattern: "^([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupEntityType = "groupEntityType"
        }
    }

    public struct CognitoGroupConfigurationDetail: AWSDecodableShape {
        /// The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup.
        public let groupEntityType: String?

        @inlinable
        public init(groupEntityType: String? = nil) {
            self.groupEntityType = groupEntityType
        }

        private enum CodingKeys: String, CodingKey {
            case groupEntityType = "groupEntityType"
        }
    }

    public struct CognitoGroupConfigurationItem: AWSDecodableShape {
        /// The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup.
        public let groupEntityType: String?

        @inlinable
        public init(groupEntityType: String? = nil) {
            self.groupEntityType = groupEntityType
        }

        private enum CodingKeys: String, CodingKey {
            case groupEntityType = "groupEntityType"
        }
    }

    public struct CognitoUserPoolConfiguration: AWSEncodableShape {
        /// The unique application client IDs that are associated with the specified Amazon Cognito user pool. Example: "ClientIds": ["&amp;ExampleCogClientId;"]
        public let clientIds: [String]?
        /// The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
        public let groupConfiguration: CognitoGroupConfiguration?
        /// The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized. Example: "UserPoolArn": "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"
        public let userPoolArn: String

        @inlinable
        public init(clientIds: [String]? = nil, groupConfiguration: CognitoGroupConfiguration? = nil, userPoolArn: String) {
            self.clientIds = clientIds
            self.groupConfiguration = groupConfiguration
            self.userPoolArn = userPoolArn
        }

        public func validate(name: String) throws {
            try self.clientIds?.forEach {
                try validate($0, name: "clientIds[]", parent: name, max: 255)
                try validate($0, name: "clientIds[]", parent: name, min: 1)
                try validate($0, name: "clientIds[]", parent: name, pattern: "^.*$")
            }
            try self.validate(self.clientIds, name: "clientIds", parent: name, max: 1000)
            try self.groupConfiguration?.validate(name: "\(name).groupConfiguration")
            try self.validate(self.userPoolArn, name: "userPoolArn", parent: name, max: 255)
            try self.validate(self.userPoolArn, name: "userPoolArn", parent: name, min: 1)
            try self.validate(self.userPoolArn, name: "userPoolArn", parent: name, pattern: "^arn:[a-zA-Z0-9-]+:cognito-idp:(([a-zA-Z0-9-]+:\\d{12}:userpool/[\\w-]+_[0-9a-zA-Z]+))$")
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case groupConfiguration = "groupConfiguration"
            case userPoolArn = "userPoolArn"
        }
    }

    public struct CognitoUserPoolConfigurationDetail: AWSDecodableShape {
        /// The unique application client IDs that are associated with the specified Amazon Cognito user pool. Example: "clientIds": ["&amp;ExampleCogClientId;"]
        public let clientIds: [String]
        /// The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
        public let groupConfiguration: CognitoGroupConfigurationDetail?
        /// The OpenID Connect (OIDC) issuer ID of the Amazon Cognito user pool that contains the identities to be authorized. Example: "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"
        public let issuer: String
        /// The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized. Example: "userPoolArn": "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"
        public let userPoolArn: String

        @inlinable
        public init(clientIds: [String], groupConfiguration: CognitoGroupConfigurationDetail? = nil, issuer: String, userPoolArn: String) {
            self.clientIds = clientIds
            self.groupConfiguration = groupConfiguration
            self.issuer = issuer
            self.userPoolArn = userPoolArn
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case groupConfiguration = "groupConfiguration"
            case issuer = "issuer"
            case userPoolArn = "userPoolArn"
        }
    }

    public struct CognitoUserPoolConfigurationItem: AWSDecodableShape {
        /// The unique application client IDs that are associated with the specified Amazon Cognito user pool. Example: "clientIds": ["&amp;ExampleCogClientId;"]
        public let clientIds: [String]
        /// The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
        public let groupConfiguration: CognitoGroupConfigurationItem?
        /// The OpenID Connect (OIDC) issuer ID of the Amazon Cognito user pool that contains the identities to be authorized. Example: "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"
        public let issuer: String
        /// The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized. Example: "userPoolArn": "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"
        public let userPoolArn: String

        @inlinable
        public init(clientIds: [String], groupConfiguration: CognitoGroupConfigurationItem? = nil, issuer: String, userPoolArn: String) {
            self.clientIds = clientIds
            self.groupConfiguration = groupConfiguration
            self.issuer = issuer
            self.userPoolArn = userPoolArn
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case groupConfiguration = "groupConfiguration"
            case issuer = "issuer"
            case userPoolArn = "userPoolArn"
        }
    }

    public struct ConflictException: AWSErrorShape {
        public let message: String
        /// The list of resources referenced with this failed request.
        public let resources: [ResourceConflict]

        @inlinable
        public init(message: String, resources: [ResourceConflict]) {
            self.message = message
            self.resources = resources
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case resources = "resources"
        }
    }

    public struct CreateIdentitySourceInput: AWSEncodableShape {
        /// Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.. If you don't provide this value, then Amazon Web Services generates a random one for you. If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error. Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.
        public let clientToken: String?
        /// Specifies the details required to communicate with the identity provider (IdP) associated with this identity source.
        public let configuration: Configuration
        /// Specifies the ID of the policy store in which you want to store this identity source. Only policies and requests made using this policy store can reference identities from the identity provider configured in the new identity source.
        public let policyStoreId: String
        /// Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
        public let principalEntityType: String?

        @inlinable
        public init(clientToken: String? = CreateIdentitySourceInput.idempotencyToken(), configuration: Configuration, policyStoreId: String, principalEntityType: String? = nil) {
            self.clientToken = clientToken
            self.configuration = configuration
            self.policyStoreId = policyStoreId
            self.principalEntityType = principalEntityType
        }

        public func validate(name: String) throws {
            try self.validate(self.clientToken, name: "clientToken", parent: name, max: 64)
            try self.validate(self.clientToken, name: "clientToken", parent: name, min: 1)
            try self.validate(self.clientToken, name: "clientToken", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.configuration.validate(name: "\(name).configuration")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.validate(self.principalEntityType, name: "principalEntityType", parent: name, max: 200)
            try self.validate(self.principalEntityType, name: "principalEntityType", parent: name, min: 1)
            try self.validate(self.principalEntityType, name: "principalEntityType", parent: name, pattern: "^.*$")
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "clientToken"
            case configuration = "configuration"
            case policyStoreId = "policyStoreId"
            case principalEntityType = "principalEntityType"
        }
    }

    public struct CreateIdentitySourceOutput: AWSDecodableShape {
        /// The date and time the identity source was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The unique ID of the new identity source.
        public let identitySourceId: String
        /// The date and time the identity source was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The ID of the policy store that contains the identity source.
        public let policyStoreId: String

        @inlinable
        public init(createdDate: Date, identitySourceId: String, lastUpdatedDate: Date, policyStoreId: String) {
            self.createdDate = createdDate
            self.identitySourceId = identitySourceId
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "createdDate"
            case identitySourceId = "identitySourceId"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct CreatePolicyInput: AWSEncodableShape {
        /// Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.. If you don't provide this value, then Amazon Web Services generates a random one for you. If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error. Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.
        public let clientToken: String?
        /// A structure that specifies the policy type and content to use for the new policy. You must include either a static or a templateLinked element. The policy content must be written in the Cedar policy language.
        public let definition: PolicyDefinition
        /// Specifies the PolicyStoreId of the policy store you want to store the policy in.
        public let policyStoreId: String

        @inlinable
        public init(clientToken: String? = CreatePolicyInput.idempotencyToken(), definition: PolicyDefinition, policyStoreId: String) {
            self.clientToken = clientToken
            self.definition = definition
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.validate(self.clientToken, name: "clientToken", parent: name, max: 64)
            try self.validate(self.clientToken, name: "clientToken", parent: name, min: 1)
            try self.validate(self.clientToken, name: "clientToken", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.definition.validate(name: "\(name).definition")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "clientToken"
            case definition = "definition"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct CreatePolicyOutput: AWSDecodableShape {
        /// The action that a policy permits or forbids. For example, {"actions": [{"actionId": "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID": "SharePhoto", "entityType": "PhotoFlash::Action"}]}.
        public let actions: [ActionIdentifier]?
        /// The date and time the policy was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The effect of the decision that a policy returns to an authorization request. For example, "effect": "Permit".
        public let effect: PolicyEffect?
        /// The date and time the policy was last updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The unique ID of the new policy.
        public let policyId: String
        /// The ID of the policy store that contains the new policy.
        public let policyStoreId: String
        /// The policy type of the new policy.
        public let policyType: PolicyType
        /// The principal specified in the new policy's scope. This response element isn't present when principal isn't specified in the policy content.
        public let principal: EntityIdentifier?
        /// The resource specified in the new policy's scope. This response element isn't present when the resource isn't specified in the policy content.
        public let resource: EntityIdentifier?

        @inlinable
        public init(actions: [ActionIdentifier]? = nil, createdDate: Date, effect: PolicyEffect? = nil, lastUpdatedDate: Date, policyId: String, policyStoreId: String, policyType: PolicyType, principal: EntityIdentifier? = nil, resource: EntityIdentifier? = nil) {
            self.actions = actions
            self.createdDate = createdDate
            self.effect = effect
            self.lastUpdatedDate = lastUpdatedDate
            self.policyId = policyId
            self.policyStoreId = policyStoreId
            self.policyType = policyType
            self.principal = principal
            self.resource = resource
        }

        private enum CodingKeys: String, CodingKey {
            case actions = "actions"
            case createdDate = "createdDate"
            case effect = "effect"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
            case policyType = "policyType"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct CreatePolicyStoreInput: AWSEncodableShape {
        /// Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.. If you don't provide this value, then Amazon Web Services generates a random one for you. If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error. Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.
        public let clientToken: String?
        /// Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted. The default state is DISABLED.
        public let deletionProtection: DeletionProtection?
        /// Descriptive text that you can provide to help with identification of the current policy store.
        public let description: String?
        /// The list of key-value pairs to associate with the policy store.
        public let tags: [String: String]?
        /// Specifies the validation setting for this policy store. Currently, the only valid and required value is Mode.  We recommend that you turn on STRICT mode only after you define a schema. If a schema doesn't exist, then STRICT mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the UpdatePolicyStore. Then, when you have a schema defined, use UpdatePolicyStore again to turn validation back on.
        public let validationSettings: ValidationSettings

        @inlinable
        public init(clientToken: String? = CreatePolicyStoreInput.idempotencyToken(), deletionProtection: DeletionProtection? = nil, description: String? = nil, tags: [String: String]? = nil, validationSettings: ValidationSettings) {
            self.clientToken = clientToken
            self.deletionProtection = deletionProtection
            self.description = description
            self.tags = tags
            self.validationSettings = validationSettings
        }

        public func validate(name: String) throws {
            try self.validate(self.clientToken, name: "clientToken", parent: name, max: 64)
            try self.validate(self.clientToken, name: "clientToken", parent: name, min: 1)
            try self.validate(self.clientToken, name: "clientToken", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.validate(self.description, name: "description", parent: name, max: 150)
            try self.tags?.forEach {
                try validate($0.key, name: "tags.key", parent: name, max: 128)
                try validate($0.key, name: "tags.key", parent: name, min: 1)
                try validate($0.value, name: "tags[\"\($0.key)\"]", parent: name, max: 256)
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "clientToken"
            case deletionProtection = "deletionProtection"
            case description = "description"
            case tags = "tags"
            case validationSettings = "validationSettings"
        }
    }

    public struct CreatePolicyStoreOutput: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the new policy store.
        public let arn: String
        /// The date and time the policy store was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The date and time the policy store was last updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The unique ID of the new policy store.
        public let policyStoreId: String

        @inlinable
        public init(arn: String, createdDate: Date, lastUpdatedDate: Date, policyStoreId: String) {
            self.arn = arn
            self.createdDate = createdDate
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case createdDate = "createdDate"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct CreatePolicyTemplateInput: AWSEncodableShape {
        /// Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.. If you don't provide this value, then Amazon Web Services generates a random one for you. If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error. Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.
        public let clientToken: String?
        /// Specifies a description for the policy template.
        public let description: String?
        /// The ID of the policy store in which to create the policy template.
        public let policyStoreId: String
        /// Specifies the content that you want to use for the new policy template, written in the Cedar policy language.
        public let statement: String

        @inlinable
        public init(clientToken: String? = CreatePolicyTemplateInput.idempotencyToken(), description: String? = nil, policyStoreId: String, statement: String) {
            self.clientToken = clientToken
            self.description = description
            self.policyStoreId = policyStoreId
            self.statement = statement
        }

        public func validate(name: String) throws {
            try self.validate(self.clientToken, name: "clientToken", parent: name, max: 64)
            try self.validate(self.clientToken, name: "clientToken", parent: name, min: 1)
            try self.validate(self.clientToken, name: "clientToken", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.validate(self.description, name: "description", parent: name, max: 150)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.validate(self.statement, name: "statement", parent: name, max: 10000)
            try self.validate(self.statement, name: "statement", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case clientToken = "clientToken"
            case description = "description"
            case policyStoreId = "policyStoreId"
            case statement = "statement"
        }
    }

    public struct CreatePolicyTemplateOutput: AWSDecodableShape {
        /// The date and time the policy template was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The date and time the policy template was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The ID of the policy store that contains the policy template.
        public let policyStoreId: String
        /// The unique ID of the new policy template.
        public let policyTemplateId: String

        @inlinable
        public init(createdDate: Date, lastUpdatedDate: Date, policyStoreId: String, policyTemplateId: String) {
            self.createdDate = createdDate
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
            self.policyTemplateId = policyTemplateId
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "createdDate"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
            case policyTemplateId = "policyTemplateId"
        }
    }

    public struct DeleteIdentitySourceInput: AWSEncodableShape {
        /// Specifies the ID of the identity source that you want to delete.
        public let identitySourceId: String
        /// Specifies the ID of the policy store that contains the identity source that you want to delete.
        public let policyStoreId: String

        @inlinable
        public init(identitySourceId: String, policyStoreId: String) {
            self.identitySourceId = identitySourceId
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.validate(self.identitySourceId, name: "identitySourceId", parent: name, max: 200)
            try self.validate(self.identitySourceId, name: "identitySourceId", parent: name, min: 1)
            try self.validate(self.identitySourceId, name: "identitySourceId", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case identitySourceId = "identitySourceId"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct DeleteIdentitySourceOutput: AWSDecodableShape {
        public init() {}
    }

    public struct DeletePolicyInput: AWSEncodableShape {
        /// Specifies the ID of the policy that you want to delete.
        public let policyId: String
        /// Specifies the ID of the policy store that contains the policy that you want to delete.
        public let policyStoreId: String

        @inlinable
        public init(policyId: String, policyStoreId: String) {
            self.policyId = policyId
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyId, name: "policyId", parent: name, max: 200)
            try self.validate(self.policyId, name: "policyId", parent: name, min: 1)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct DeletePolicyOutput: AWSDecodableShape {
        public init() {}
    }

    public struct DeletePolicyStoreInput: AWSEncodableShape {
        /// Specifies the ID of the policy store that you want to delete.
        public let policyStoreId: String

        @inlinable
        public init(policyStoreId: String) {
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyStoreId = "policyStoreId"
        }
    }

    public struct DeletePolicyStoreOutput: AWSDecodableShape {
        public init() {}
    }

    public struct DeletePolicyTemplateInput: AWSEncodableShape {
        /// Specifies the ID of the policy store that contains the policy template that you want to delete.
        public let policyStoreId: String
        /// Specifies the ID of the policy template that you want to delete.
        public let policyTemplateId: String

        @inlinable
        public init(policyStoreId: String, policyTemplateId: String) {
            self.policyStoreId = policyStoreId
            self.policyTemplateId = policyTemplateId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, max: 200)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, min: 1)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyStoreId = "policyStoreId"
            case policyTemplateId = "policyTemplateId"
        }
    }

    public struct DeletePolicyTemplateOutput: AWSDecodableShape {
        public init() {}
    }

    public struct DeterminingPolicyItem: AWSDecodableShape {
        /// The Id of a policy that determined to an authorization decision. Example: "policyId":"SPEXAMPLEabcdefg111111"
        public let policyId: String

        @inlinable
        public init(policyId: String) {
            self.policyId = policyId
        }

        private enum CodingKeys: String, CodingKey {
            case policyId = "policyId"
        }
    }

    public struct EntityIdentifier: AWSEncodableShape & AWSDecodableShape {
        /// The identifier of an entity.  "entityId":"identifier"
        public let entityId: String
        /// The type of an entity. Example: "entityType":"typeName"
        public let entityType: String

        @inlinable
        public init(entityId: String, entityType: String) {
            self.entityId = entityId
            self.entityType = entityType
        }

        public func validate(name: String) throws {
            try self.validate(self.entityId, name: "entityId", parent: name, max: 200)
            try self.validate(self.entityId, name: "entityId", parent: name, min: 1)
            try self.validate(self.entityId, name: "entityId", parent: name, pattern: "^.*$")
            try self.validate(self.entityType, name: "entityType", parent: name, max: 200)
            try self.validate(self.entityType, name: "entityType", parent: name, min: 1)
            try self.validate(self.entityType, name: "entityType", parent: name, pattern: "^.*$")
        }

        private enum CodingKeys: String, CodingKey {
            case entityId = "entityId"
            case entityType = "entityType"
        }
    }

    public struct EntityItem: AWSEncodableShape {
        /// A list of attributes for the entity.
        public let attributes: [String: AttributeValue]?
        /// The identifier of the entity.
        public let identifier: EntityIdentifier
        /// The parent entities in the hierarchy that contains the entity. A principal or resource entity can be defined with at most 99 transitive parents per authorization request.  A transitive parent is an entity in the hierarchy of entities including all direct parents, and parents of parents. For example, a user can be a member of 91 groups if one of those groups is a member of eight groups, for a total of 100: one entity, 91 entity parents, and eight parents of parents.
        public let parents: [EntityIdentifier]?

        @inlinable
        public init(attributes: [String: AttributeValue]? = nil, identifier: EntityIdentifier, parents: [EntityIdentifier]? = nil) {
            self.attributes = attributes
            self.identifier = identifier
            self.parents = parents
        }

        public func validate(name: String) throws {
            try self.attributes?.forEach {
                try $0.value.validate(name: "\(name).attributes[\"\($0.key)\"]")
            }
            try self.identifier.validate(name: "\(name).identifier")
            try self.parents?.forEach {
                try $0.validate(name: "\(name).parents[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case attributes = "attributes"
            case identifier = "identifier"
            case parents = "parents"
        }
    }

    public struct EvaluationErrorItem: AWSDecodableShape {
        /// The error description.
        public let errorDescription: String

        @inlinable
        public init(errorDescription: String) {
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case errorDescription = "errorDescription"
        }
    }

    public struct GetIdentitySourceInput: AWSEncodableShape {
        /// Specifies the ID of the identity source you want information about.
        public let identitySourceId: String
        /// Specifies the ID of the policy store that contains the identity source you want information about.
        public let policyStoreId: String

        @inlinable
        public init(identitySourceId: String, policyStoreId: String) {
            self.identitySourceId = identitySourceId
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.validate(self.identitySourceId, name: "identitySourceId", parent: name, max: 200)
            try self.validate(self.identitySourceId, name: "identitySourceId", parent: name, min: 1)
            try self.validate(self.identitySourceId, name: "identitySourceId", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case identitySourceId = "identitySourceId"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct GetIdentitySourceOutput: AWSDecodableShape {
        /// Contains configuration information about an identity source.
        public let configuration: ConfigurationDetail?
        /// The date and time that the identity source was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// A structure that describes the configuration of the identity source.
        public let details: IdentitySourceDetails?
        /// The ID of the identity source.
        public let identitySourceId: String
        /// The date and time that the identity source was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The ID of the policy store that contains the identity source.
        public let policyStoreId: String
        /// The data type of principals generated for identities authenticated by this identity source.
        public let principalEntityType: String

        @inlinable
        public init(configuration: ConfigurationDetail? = nil, createdDate: Date, identitySourceId: String, lastUpdatedDate: Date, policyStoreId: String, principalEntityType: String) {
            self.configuration = configuration
            self.createdDate = createdDate
            self.details = nil
            self.identitySourceId = identitySourceId
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
            self.principalEntityType = principalEntityType
        }

        @available(*, deprecated, message: "Members details have been deprecated")
        @inlinable
        public init(configuration: ConfigurationDetail? = nil, createdDate: Date, details: IdentitySourceDetails? = nil, identitySourceId: String, lastUpdatedDate: Date, policyStoreId: String, principalEntityType: String) {
            self.configuration = configuration
            self.createdDate = createdDate
            self.details = details
            self.identitySourceId = identitySourceId
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
            self.principalEntityType = principalEntityType
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
            case createdDate = "createdDate"
            case details = "details"
            case identitySourceId = "identitySourceId"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
            case principalEntityType = "principalEntityType"
        }
    }

    public struct GetPolicyInput: AWSEncodableShape {
        /// Specifies the ID of the policy you want information about.
        public let policyId: String
        /// Specifies the ID of the policy store that contains the policy that you want information about.
        public let policyStoreId: String

        @inlinable
        public init(policyId: String, policyStoreId: String) {
            self.policyId = policyId
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyId, name: "policyId", parent: name, max: 200)
            try self.validate(self.policyId, name: "policyId", parent: name, min: 1)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct GetPolicyOutput: AWSDecodableShape {
        /// The action that a policy permits or forbids. For example, {"actions": [{"actionId": "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID": "SharePhoto", "entityType": "PhotoFlash::Action"}]}.
        public let actions: [ActionIdentifier]?
        /// The date and time that the policy was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The definition of the requested policy.
        public let definition: PolicyDefinitionDetail
        /// The effect of the decision that a policy returns to an authorization request. For example, "effect": "Permit".
        public let effect: PolicyEffect?
        /// The date and time that the policy was last updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The unique ID of the policy that you want information about.
        public let policyId: String
        /// The ID of the policy store that contains the policy that you want information about.
        public let policyStoreId: String
        /// The type of the policy.
        public let policyType: PolicyType
        /// The principal specified in the policy's scope. This element isn't included in the response when Principal isn't present in the policy content.
        public let principal: EntityIdentifier?
        /// The resource specified in the policy's scope. This element isn't included in the response when Resource isn't present in the policy content.
        public let resource: EntityIdentifier?

        @inlinable
        public init(actions: [ActionIdentifier]? = nil, createdDate: Date, definition: PolicyDefinitionDetail, effect: PolicyEffect? = nil, lastUpdatedDate: Date, policyId: String, policyStoreId: String, policyType: PolicyType, principal: EntityIdentifier? = nil, resource: EntityIdentifier? = nil) {
            self.actions = actions
            self.createdDate = createdDate
            self.definition = definition
            self.effect = effect
            self.lastUpdatedDate = lastUpdatedDate
            self.policyId = policyId
            self.policyStoreId = policyStoreId
            self.policyType = policyType
            self.principal = principal
            self.resource = resource
        }

        private enum CodingKeys: String, CodingKey {
            case actions = "actions"
            case createdDate = "createdDate"
            case definition = "definition"
            case effect = "effect"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
            case policyType = "policyType"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct GetPolicyStoreInput: AWSEncodableShape {
        /// Specifies the ID of the policy store that you want information about.
        public let policyStoreId: String
        /// Specifies whether to return the tags that are attached to the policy store. If this parameter is included in the API call, the tags are returned, otherwise they are not returned.  If this parameter is included in the API call but there are no tags attached to the policy store, the tags response parameter is omitted from the response.
        public let tags: Bool?

        @inlinable
        public init(policyStoreId: String, tags: Bool? = nil) {
            self.policyStoreId = policyStoreId
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyStoreId = "policyStoreId"
            case tags = "tags"
        }
    }

    public struct GetPolicyStoreOutput: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the policy store.
        public let arn: String
        /// The version of the Cedar language used with policies, policy templates, and schemas in this policy store. For more information, see Amazon Verified Permissions upgrade to Cedar v4 FAQ.
        public let cedarVersion: CedarVersion?
        /// The date and time that the policy store was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted. The default state is DISABLED.
        public let deletionProtection: DeletionProtection?
        /// Descriptive text that you can provide to help with identification of the current policy store.
        public let description: String?
        /// The date and time that the policy store was last updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The ID of the policy store;
        public let policyStoreId: String
        /// The list of tags associated with the policy store.
        public let tags: [String: String]?
        /// The current validation settings for the policy store.
        public let validationSettings: ValidationSettings

        @inlinable
        public init(arn: String, cedarVersion: CedarVersion? = nil, createdDate: Date, deletionProtection: DeletionProtection? = nil, description: String? = nil, lastUpdatedDate: Date, policyStoreId: String, tags: [String: String]? = nil, validationSettings: ValidationSettings) {
            self.arn = arn
            self.cedarVersion = cedarVersion
            self.createdDate = createdDate
            self.deletionProtection = deletionProtection
            self.description = description
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
            self.tags = tags
            self.validationSettings = validationSettings
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case cedarVersion = "cedarVersion"
            case createdDate = "createdDate"
            case deletionProtection = "deletionProtection"
            case description = "description"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
            case tags = "tags"
            case validationSettings = "validationSettings"
        }
    }

    public struct GetPolicyTemplateInput: AWSEncodableShape {
        /// Specifies the ID of the policy store that contains the policy template that you want information about.
        public let policyStoreId: String
        /// Specifies the ID of the policy template that you want information about.
        public let policyTemplateId: String

        @inlinable
        public init(policyStoreId: String, policyTemplateId: String) {
            self.policyStoreId = policyStoreId
            self.policyTemplateId = policyTemplateId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, max: 200)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, min: 1)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyStoreId = "policyStoreId"
            case policyTemplateId = "policyTemplateId"
        }
    }

    public struct GetPolicyTemplateOutput: AWSDecodableShape {
        /// The date and time that the policy template was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The description of the policy template.
        public let description: String?
        /// The date and time that the policy template was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The ID of the policy store that contains the policy template.
        public let policyStoreId: String
        /// The ID of the policy template.
        public let policyTemplateId: String
        /// The content of the body of the policy template written in the Cedar policy language.
        public let statement: String

        @inlinable
        public init(createdDate: Date, description: String? = nil, lastUpdatedDate: Date, policyStoreId: String, policyTemplateId: String, statement: String) {
            self.createdDate = createdDate
            self.description = description
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
            self.policyTemplateId = policyTemplateId
            self.statement = statement
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "createdDate"
            case description = "description"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
            case policyTemplateId = "policyTemplateId"
            case statement = "statement"
        }
    }

    public struct GetSchemaInput: AWSEncodableShape {
        /// Specifies the ID of the policy store that contains the schema.
        public let policyStoreId: String

        @inlinable
        public init(policyStoreId: String) {
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyStoreId = "policyStoreId"
        }
    }

    public struct GetSchemaOutput: AWSDecodableShape {
        /// The date and time that the schema was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The date and time that the schema was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The namespaces of the entities referenced by this schema.
        public let namespaces: [String]?
        /// The ID of the policy store that contains the schema.
        public let policyStoreId: String
        /// The body of the schema, written in Cedar schema JSON.
        public let schema: String

        @inlinable
        public init(createdDate: Date, lastUpdatedDate: Date, namespaces: [String]? = nil, policyStoreId: String, schema: String) {
            self.createdDate = createdDate
            self.lastUpdatedDate = lastUpdatedDate
            self.namespaces = namespaces
            self.policyStoreId = policyStoreId
            self.schema = schema
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "createdDate"
            case lastUpdatedDate = "lastUpdatedDate"
            case namespaces = "namespaces"
            case policyStoreId = "policyStoreId"
            case schema = "schema"
        }
    }

    public struct IdentitySourceDetails: AWSDecodableShape {
        /// The application client IDs associated with the specified Amazon Cognito user pool that are enabled for this identity source.
        public let clientIds: [String]?
        /// The well-known URL that points to this user pool's OIDC discovery endpoint. This is a URL string in the following format. This URL replaces the placeholders for both the Amazon Web Services Region and the user pool identifier with those appropriate for this user pool.  https://cognito-idp.&lt;region&gt;.amazonaws.com/&lt;user-pool-id&gt;/.well-known/openid-configuration
        public let discoveryUrl: String?
        /// A string that identifies the type of OIDC service represented by this identity source.  At this time, the only valid value is cognito.
        public let openIdIssuer: OpenIdIssuer?
        /// The Amazon Resource Name (ARN) of the Amazon Cognito user pool whose identities are accessible to this Verified Permissions policy store.
        public let userPoolArn: String?

        @inlinable
        public init() {
            self.clientIds = nil
            self.discoveryUrl = nil
            self.openIdIssuer = nil
            self.userPoolArn = nil
        }

        @available(*, deprecated, message: "Members clientIds, discoveryUrl, openIdIssuer, userPoolArn have been deprecated")
        @inlinable
        public init(clientIds: [String]? = nil, discoveryUrl: String? = nil, openIdIssuer: OpenIdIssuer? = nil, userPoolArn: String? = nil) {
            self.clientIds = clientIds
            self.discoveryUrl = discoveryUrl
            self.openIdIssuer = openIdIssuer
            self.userPoolArn = userPoolArn
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case discoveryUrl = "discoveryUrl"
            case openIdIssuer = "openIdIssuer"
            case userPoolArn = "userPoolArn"
        }
    }

    public struct IdentitySourceFilter: AWSEncodableShape {
        /// The Cedar entity type of the principals returned by the identity provider (IdP) associated with this identity source.
        public let principalEntityType: String?

        @inlinable
        public init(principalEntityType: String? = nil) {
            self.principalEntityType = principalEntityType
        }

        public func validate(name: String) throws {
            try self.validate(self.principalEntityType, name: "principalEntityType", parent: name, max: 200)
            try self.validate(self.principalEntityType, name: "principalEntityType", parent: name, min: 1)
            try self.validate(self.principalEntityType, name: "principalEntityType", parent: name, pattern: "^.*$")
        }

        private enum CodingKeys: String, CodingKey {
            case principalEntityType = "principalEntityType"
        }
    }

    public struct IdentitySourceItem: AWSDecodableShape {
        /// Contains configuration information about an identity source.
        public let configuration: ConfigurationItem?
        /// The date and time the identity source was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// A structure that contains the details of the associated identity provider (IdP).
        public let details: IdentitySourceItemDetails?
        /// The unique identifier of the identity source.
        public let identitySourceId: String
        /// The date and time the identity source was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The identifier of the policy store that contains the identity source.
        public let policyStoreId: String
        /// The Cedar entity type of the principals returned from the IdP associated with this identity source.
        public let principalEntityType: String

        @inlinable
        public init(configuration: ConfigurationItem? = nil, createdDate: Date, identitySourceId: String, lastUpdatedDate: Date, policyStoreId: String, principalEntityType: String) {
            self.configuration = configuration
            self.createdDate = createdDate
            self.details = nil
            self.identitySourceId = identitySourceId
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
            self.principalEntityType = principalEntityType
        }

        @available(*, deprecated, message: "Members details have been deprecated")
        @inlinable
        public init(configuration: ConfigurationItem? = nil, createdDate: Date, details: IdentitySourceItemDetails? = nil, identitySourceId: String, lastUpdatedDate: Date, policyStoreId: String, principalEntityType: String) {
            self.configuration = configuration
            self.createdDate = createdDate
            self.details = details
            self.identitySourceId = identitySourceId
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
            self.principalEntityType = principalEntityType
        }

        private enum CodingKeys: String, CodingKey {
            case configuration = "configuration"
            case createdDate = "createdDate"
            case details = "details"
            case identitySourceId = "identitySourceId"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
            case principalEntityType = "principalEntityType"
        }
    }

    public struct IdentitySourceItemDetails: AWSDecodableShape {
        /// The application client IDs associated with the specified Amazon Cognito user pool that are enabled for this identity source.
        public let clientIds: [String]?
        /// The well-known URL that points to this user pool's OIDC discovery endpoint. This is a URL string in the following format. This URL replaces the placeholders for both the Amazon Web Services Region and the user pool identifier with those appropriate for this user pool.  https://cognito-idp.&lt;region&gt;.amazonaws.com/&lt;user-pool-id&gt;/.well-known/openid-configuration
        public let discoveryUrl: String?
        /// A string that identifies the type of OIDC service represented by this identity source.  At this time, the only valid value is cognito.
        public let openIdIssuer: OpenIdIssuer?
        /// The Amazon Cognito user pool whose identities are accessible to this Verified Permissions policy store.
        public let userPoolArn: String?

        @inlinable
        public init() {
            self.clientIds = nil
            self.discoveryUrl = nil
            self.openIdIssuer = nil
            self.userPoolArn = nil
        }

        @available(*, deprecated, message: "Members clientIds, discoveryUrl, openIdIssuer, userPoolArn have been deprecated")
        @inlinable
        public init(clientIds: [String]? = nil, discoveryUrl: String? = nil, openIdIssuer: OpenIdIssuer? = nil, userPoolArn: String? = nil) {
            self.clientIds = clientIds
            self.discoveryUrl = discoveryUrl
            self.openIdIssuer = openIdIssuer
            self.userPoolArn = userPoolArn
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case discoveryUrl = "discoveryUrl"
            case openIdIssuer = "openIdIssuer"
            case userPoolArn = "userPoolArn"
        }
    }

    public struct IsAuthorizedInput: AWSEncodableShape {
        /// Specifies the requested action to be authorized. For example, is the principal authorized to perform this action on the resource?
        public let action: ActionIdentifier?
        /// Specifies additional context that can be used to make more granular authorization decisions.
        public let context: ContextDefinition?
        /// (Optional) Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store.  You can include only principal and resource entities in this parameter; you can't include actions. You must specify actions in the schema.
        public let entities: EntitiesDefinition?
        /// Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.
        public let policyStoreId: String
        /// Specifies the principal for which the authorization decision is to be made.
        public let principal: EntityIdentifier?
        /// Specifies the resource for which the authorization decision is to be made.
        public let resource: EntityIdentifier?

        @inlinable
        public init(action: ActionIdentifier? = nil, context: ContextDefinition? = nil, entities: EntitiesDefinition? = nil, policyStoreId: String, principal: EntityIdentifier? = nil, resource: EntityIdentifier? = nil) {
            self.action = action
            self.context = context
            self.entities = entities
            self.policyStoreId = policyStoreId
            self.principal = principal
            self.resource = resource
        }

        public func validate(name: String) throws {
            try self.action?.validate(name: "\(name).action")
            try self.context?.validate(name: "\(name).context")
            try self.entities?.validate(name: "\(name).entities")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.principal?.validate(name: "\(name).principal")
            try self.resource?.validate(name: "\(name).resource")
        }

        private enum CodingKeys: String, CodingKey {
            case action = "action"
            case context = "context"
            case entities = "entities"
            case policyStoreId = "policyStoreId"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct IsAuthorizedOutput: AWSDecodableShape {
        /// An authorization decision that indicates if the authorization request should be allowed or denied.
        public let decision: Decision
        /// The list of determining policies used to make the authorization decision. For example, if there are two matching policies, where one is a forbid and the other is a permit, then the forbid policy will be the determining policy. In the case of multiple matching permit policies then there would be multiple determining policies. In the case that no policies match, and hence the response is DENY, there would be no determining policies.
        public let determiningPolicies: [DeterminingPolicyItem]
        /// Errors that occurred while making an authorization decision, for example, a policy references an Entity or entity Attribute that does not exist in the slice.
        public let errors: [EvaluationErrorItem]

        @inlinable
        public init(decision: Decision, determiningPolicies: [DeterminingPolicyItem], errors: [EvaluationErrorItem]) {
            self.decision = decision
            self.determiningPolicies = determiningPolicies
            self.errors = errors
        }

        private enum CodingKeys: String, CodingKey {
            case decision = "decision"
            case determiningPolicies = "determiningPolicies"
            case errors = "errors"
        }
    }

    public struct IsAuthorizedWithTokenInput: AWSEncodableShape {
        /// Specifies an access token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken, an identityToken, or both. Must be an access token. Verified Permissions returns an error if the token_use claim in the submitted token isn't access.
        public let accessToken: String?
        /// Specifies the requested action to be authorized. Is the specified principal authorized to perform this action on the specified resource.
        public let action: ActionIdentifier?
        /// Specifies additional context that can be used to make more granular authorization decisions.
        public let context: ContextDefinition?
        /// (Optional) Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store.  You can't include principals in this parameter, only resource and action entities. This parameter can't include any entities of a type that matches the user or group entity types that you defined in your identity source.   The IsAuthorizedWithToken operation takes principal attributes from  only  the identityToken or accessToken passed to the operation.   For action entities, you can include only their Identifier and EntityType.
        public let entities: EntitiesDefinition?
        /// Specifies an identity token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken, an identityToken, or both. Must be an ID token. Verified Permissions returns an error if the token_use claim in the submitted token isn't id.
        public let identityToken: String?
        /// Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.
        public let policyStoreId: String
        /// Specifies the resource for which the authorization decision is made. For example, is the principal allowed to perform the action on the resource?
        public let resource: EntityIdentifier?

        @inlinable
        public init(accessToken: String? = nil, action: ActionIdentifier? = nil, context: ContextDefinition? = nil, entities: EntitiesDefinition? = nil, identityToken: String? = nil, policyStoreId: String, resource: EntityIdentifier? = nil) {
            self.accessToken = accessToken
            self.action = action
            self.context = context
            self.entities = entities
            self.identityToken = identityToken
            self.policyStoreId = policyStoreId
            self.resource = resource
        }

        public func validate(name: String) throws {
            try self.validate(self.accessToken, name: "accessToken", parent: name, max: 131072)
            try self.validate(self.accessToken, name: "accessToken", parent: name, min: 1)
            try self.validate(self.accessToken, name: "accessToken", parent: name, pattern: "^[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+$")
            try self.action?.validate(name: "\(name).action")
            try self.context?.validate(name: "\(name).context")
            try self.entities?.validate(name: "\(name).entities")
            try self.validate(self.identityToken, name: "identityToken", parent: name, max: 131072)
            try self.validate(self.identityToken, name: "identityToken", parent: name, min: 1)
            try self.validate(self.identityToken, name: "identityToken", parent: name, pattern: "^[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.resource?.validate(name: "\(name).resource")
        }

        private enum CodingKeys: String, CodingKey {
            case accessToken = "accessToken"
            case action = "action"
            case context = "context"
            case entities = "entities"
            case identityToken = "identityToken"
            case policyStoreId = "policyStoreId"
            case resource = "resource"
        }
    }

    public struct IsAuthorizedWithTokenOutput: AWSDecodableShape {
        /// An authorization decision that indicates if the authorization request should be allowed or denied.
        public let decision: Decision
        /// The list of determining policies used to make the authorization decision. For example, if there are multiple matching policies, where at least one is a forbid policy, then because forbid always overrides permit the forbid policies are the determining policies. If all matching policies are permit policies, then those policies are the determining policies. When no policies match and the response is the default DENY, there are no determining policies.
        public let determiningPolicies: [DeterminingPolicyItem]
        /// Errors that occurred while making an authorization decision. For example, a policy references an entity or entity attribute that does not exist in the slice.
        public let errors: [EvaluationErrorItem]
        /// The identifier of the principal in the ID or access token.
        public let principal: EntityIdentifier?

        @inlinable
        public init(decision: Decision, determiningPolicies: [DeterminingPolicyItem], errors: [EvaluationErrorItem], principal: EntityIdentifier? = nil) {
            self.decision = decision
            self.determiningPolicies = determiningPolicies
            self.errors = errors
            self.principal = principal
        }

        private enum CodingKeys: String, CodingKey {
            case decision = "decision"
            case determiningPolicies = "determiningPolicies"
            case errors = "errors"
            case principal = "principal"
        }
    }

    public struct ListIdentitySourcesInput: AWSEncodableShape {
        /// Specifies characteristics of an identity source that you can use to limit the output to matching identity sources.
        public let filters: [IdentitySourceFilter]?
        /// Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results. If you do not specify this parameter, the operation defaults to 10 identity sources per response. You can specify a maximum of 50 identity sources per response.
        public let maxResults: Int?
        /// Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
        public let nextToken: String?
        /// Specifies the ID of the policy store that contains the identity sources that you want to list.
        public let policyStoreId: String

        @inlinable
        public init(filters: [IdentitySourceFilter]? = nil, maxResults: Int? = nil, nextToken: String? = nil, policyStoreId: String) {
            self.filters = filters
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.filters?.forEach {
                try $0.validate(name: "\(name).filters[]")
            }
            try self.validate(self.filters, name: "filters", parent: name, max: 10)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 8000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[A-Za-z0-9-_=+/\\.]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case filters = "filters"
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct ListIdentitySourcesOutput: AWSDecodableShape {
        /// The list of identity sources stored in the specified policy store.
        public let identitySources: [IdentitySourceItem]
        /// If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
        public let nextToken: String?

        @inlinable
        public init(identitySources: [IdentitySourceItem], nextToken: String? = nil) {
            self.identitySources = identitySources
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case identitySources = "identitySources"
            case nextToken = "nextToken"
        }
    }

    public struct ListPoliciesInput: AWSEncodableShape {
        /// Specifies a filter that limits the response to only policies that match the specified criteria. For example, you list only the policies that reference a specified principal.
        public let filter: PolicyFilter?
        /// Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results. If you do not specify this parameter, the operation defaults to 10 policies per response. You can specify a maximum of 50 policies per response.
        public let maxResults: Int?
        /// Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
        public let nextToken: String?
        /// Specifies the ID of the policy store you want to list policies from.
        public let policyStoreId: String

        @inlinable
        public init(filter: PolicyFilter? = nil, maxResults: Int? = nil, nextToken: String? = nil, policyStoreId: String) {
            self.filter = filter
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.filter?.validate(name: "\(name).filter")
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 8000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[A-Za-z0-9-_=+/\\.]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case filter = "filter"
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct ListPoliciesOutput: AWSDecodableShape {
        /// If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
        public let nextToken: String?
        /// Lists all policies that are available in the specified policy store.
        public let policies: [PolicyItem]

        @inlinable
        public init(nextToken: String? = nil, policies: [PolicyItem]) {
            self.nextToken = nextToken
            self.policies = policies
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "nextToken"
            case policies = "policies"
        }
    }

    public struct ListPolicyStoresInput: AWSEncodableShape {
        /// Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results. If you do not specify this parameter, the operation defaults to 10 policy stores per response. You can specify a maximum of 50 policy stores per response.
        public let maxResults: Int?
        /// Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 8000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[A-Za-z0-9-_=+/\\.]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "maxResults"
            case nextToken = "nextToken"
        }
    }

    public struct ListPolicyStoresOutput: AWSDecodableShape {
        /// If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
        public let nextToken: String?
        /// The list of policy stores in the account.
        public let policyStores: [PolicyStoreItem]

        @inlinable
        public init(nextToken: String? = nil, policyStores: [PolicyStoreItem]) {
            self.nextToken = nextToken
            self.policyStores = policyStores
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "nextToken"
            case policyStores = "policyStores"
        }
    }

    public struct ListPolicyTemplatesInput: AWSEncodableShape {
        /// Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results. If you do not specify this parameter, the operation defaults to 10 policy templates per response. You can specify a maximum of 50 policy templates per response.
        public let maxResults: Int?
        /// Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
        public let nextToken: String?
        /// Specifies the ID of the policy store that contains the policy templates you want to list.
        public let policyStoreId: String

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, policyStoreId: String) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 8000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[A-Za-z0-9-_=+/\\.]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "maxResults"
            case nextToken = "nextToken"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct ListPolicyTemplatesOutput: AWSDecodableShape {
        /// If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
        public let nextToken: String?
        /// The list of the policy templates in the specified policy store.
        public let policyTemplates: [PolicyTemplateItem]

        @inlinable
        public init(nextToken: String? = nil, policyTemplates: [PolicyTemplateItem]) {
            self.nextToken = nextToken
            self.policyTemplates = policyTemplates
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "nextToken"
            case policyTemplates = "policyTemplates"
        }
    }

    public struct ListTagsForResourceInput: AWSEncodableShape {
        /// The ARN of the resource for which you want to view tags.
        public let resourceArn: String

        @inlinable
        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "resourceArn"
        }
    }

    public struct ListTagsForResourceOutput: AWSDecodableShape {
        /// The list of tags associated with the resource.
        public let tags: [String: String]?

        @inlinable
        public init(tags: [String: String]? = nil) {
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "tags"
        }
    }

    public struct OpenIdConnectAccessTokenConfiguration: AWSEncodableShape {
        /// The access token aud claim values that you want to accept in your policy store. For example, https://myapp.example.com, https://myapp2.example.com.
        public let audiences: [String]?
        /// The claim that determines the principal in OIDC access tokens. For example, sub.
        public let principalIdClaim: String?

        @inlinable
        public init(audiences: [String]? = nil, principalIdClaim: String? = nil) {
            self.audiences = audiences
            self.principalIdClaim = principalIdClaim
        }

        public func validate(name: String) throws {
            try self.audiences?.forEach {
                try validate($0, name: "audiences[]", parent: name, max: 255)
                try validate($0, name: "audiences[]", parent: name, min: 1)
            }
            try self.validate(self.audiences, name: "audiences", parent: name, max: 255)
            try self.validate(self.audiences, name: "audiences", parent: name, min: 1)
            try self.validate(self.principalIdClaim, name: "principalIdClaim", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case audiences = "audiences"
            case principalIdClaim = "principalIdClaim"
        }
    }

    public struct OpenIdConnectAccessTokenConfigurationDetail: AWSDecodableShape {
        /// The access token aud claim values that you want to accept in your policy store. For example, https://myapp.example.com, https://myapp2.example.com.
        public let audiences: [String]?
        /// The claim that determines the principal in OIDC access tokens. For example, sub.
        public let principalIdClaim: String?

        @inlinable
        public init(audiences: [String]? = nil, principalIdClaim: String? = nil) {
            self.audiences = audiences
            self.principalIdClaim = principalIdClaim
        }

        private enum CodingKeys: String, CodingKey {
            case audiences = "audiences"
            case principalIdClaim = "principalIdClaim"
        }
    }

    public struct OpenIdConnectAccessTokenConfigurationItem: AWSDecodableShape {
        /// The access token aud claim values that you want to accept in your policy store. For example, https://myapp.example.com, https://myapp2.example.com.
        public let audiences: [String]?
        /// The claim that determines the principal in OIDC access tokens. For example, sub.
        public let principalIdClaim: String?

        @inlinable
        public init(audiences: [String]? = nil, principalIdClaim: String? = nil) {
            self.audiences = audiences
            self.principalIdClaim = principalIdClaim
        }

        private enum CodingKeys: String, CodingKey {
            case audiences = "audiences"
            case principalIdClaim = "principalIdClaim"
        }
    }

    public struct OpenIdConnectConfiguration: AWSEncodableShape {
        /// A descriptive string that you want to prefix to user entities from your OIDC identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider, you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos.
        public let entityIdPrefix: String?
        /// The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.
        public let groupConfiguration: OpenIdConnectGroupConfiguration?
        /// The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration.
        public let issuer: String
        /// The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
        public let tokenSelection: OpenIdConnectTokenSelection

        @inlinable
        public init(entityIdPrefix: String? = nil, groupConfiguration: OpenIdConnectGroupConfiguration? = nil, issuer: String, tokenSelection: OpenIdConnectTokenSelection) {
            self.entityIdPrefix = entityIdPrefix
            self.groupConfiguration = groupConfiguration
            self.issuer = issuer
            self.tokenSelection = tokenSelection
        }

        public func validate(name: String) throws {
            try self.validate(self.entityIdPrefix, name: "entityIdPrefix", parent: name, max: 100)
            try self.validate(self.entityIdPrefix, name: "entityIdPrefix", parent: name, min: 1)
            try self.groupConfiguration?.validate(name: "\(name).groupConfiguration")
            try self.validate(self.issuer, name: "issuer", parent: name, max: 2048)
            try self.validate(self.issuer, name: "issuer", parent: name, min: 1)
            try self.validate(self.issuer, name: "issuer", parent: name, pattern: "^https://.*$")
            try self.tokenSelection.validate(name: "\(name).tokenSelection")
        }

        private enum CodingKeys: String, CodingKey {
            case entityIdPrefix = "entityIdPrefix"
            case groupConfiguration = "groupConfiguration"
            case issuer = "issuer"
            case tokenSelection = "tokenSelection"
        }
    }

    public struct OpenIdConnectConfigurationDetail: AWSDecodableShape {
        /// A descriptive string that you want to prefix to user entities from your OIDC identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider, you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos.
        public let entityIdPrefix: String?
        /// The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.
        public let groupConfiguration: OpenIdConnectGroupConfigurationDetail?
        /// The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration.
        public let issuer: String
        /// The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
        public let tokenSelection: OpenIdConnectTokenSelectionDetail

        @inlinable
        public init(entityIdPrefix: String? = nil, groupConfiguration: OpenIdConnectGroupConfigurationDetail? = nil, issuer: String, tokenSelection: OpenIdConnectTokenSelectionDetail) {
            self.entityIdPrefix = entityIdPrefix
            self.groupConfiguration = groupConfiguration
            self.issuer = issuer
            self.tokenSelection = tokenSelection
        }

        private enum CodingKeys: String, CodingKey {
            case entityIdPrefix = "entityIdPrefix"
            case groupConfiguration = "groupConfiguration"
            case issuer = "issuer"
            case tokenSelection = "tokenSelection"
        }
    }

    public struct OpenIdConnectConfigurationItem: AWSDecodableShape {
        /// A descriptive string that you want to prefix to user entities from your OIDC identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider, you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos.
        public let entityIdPrefix: String?
        /// The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.
        public let groupConfiguration: OpenIdConnectGroupConfigurationItem?
        /// The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration.
        public let issuer: String
        /// The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
        public let tokenSelection: OpenIdConnectTokenSelectionItem

        @inlinable
        public init(entityIdPrefix: String? = nil, groupConfiguration: OpenIdConnectGroupConfigurationItem? = nil, issuer: String, tokenSelection: OpenIdConnectTokenSelectionItem) {
            self.entityIdPrefix = entityIdPrefix
            self.groupConfiguration = groupConfiguration
            self.issuer = issuer
            self.tokenSelection = tokenSelection
        }

        private enum CodingKeys: String, CodingKey {
            case entityIdPrefix = "entityIdPrefix"
            case groupConfiguration = "groupConfiguration"
            case issuer = "issuer"
            case tokenSelection = "tokenSelection"
        }
    }

    public struct OpenIdConnectGroupConfiguration: AWSEncodableShape {
        /// The token claim that you want Verified Permissions to interpret as group membership. For example, groups.
        public let groupClaim: String
        /// The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup. A group entity type is an entity that can have a user entity type as a member.
        public let groupEntityType: String

        @inlinable
        public init(groupClaim: String, groupEntityType: String) {
            self.groupClaim = groupClaim
            self.groupEntityType = groupEntityType
        }

        public func validate(name: String) throws {
            try self.validate(self.groupClaim, name: "groupClaim", parent: name, min: 1)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, max: 200)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, min: 1)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, pattern: "^([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupClaim = "groupClaim"
            case groupEntityType = "groupEntityType"
        }
    }

    public struct OpenIdConnectGroupConfigurationDetail: AWSDecodableShape {
        /// The token claim that you want Verified Permissions to interpret as group membership. For example, groups.
        public let groupClaim: String
        /// The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup. A group entity type is an entity that can have a user entity type as a member.
        public let groupEntityType: String

        @inlinable
        public init(groupClaim: String, groupEntityType: String) {
            self.groupClaim = groupClaim
            self.groupEntityType = groupEntityType
        }

        private enum CodingKeys: String, CodingKey {
            case groupClaim = "groupClaim"
            case groupEntityType = "groupEntityType"
        }
    }

    public struct OpenIdConnectGroupConfigurationItem: AWSDecodableShape {
        /// The token claim that you want Verified Permissions to interpret as group membership. For example, groups.
        public let groupClaim: String
        /// The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup. A group entity type is an entity that can have a user entity type as a member.
        public let groupEntityType: String

        @inlinable
        public init(groupClaim: String, groupEntityType: String) {
            self.groupClaim = groupClaim
            self.groupEntityType = groupEntityType
        }

        private enum CodingKeys: String, CodingKey {
            case groupClaim = "groupClaim"
            case groupEntityType = "groupEntityType"
        }
    }

    public struct OpenIdConnectIdentityTokenConfiguration: AWSEncodableShape {
        /// The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213.
        public let clientIds: [String]?
        /// The claim that determines the principal in OIDC access tokens. For example, sub.
        public let principalIdClaim: String?

        @inlinable
        public init(clientIds: [String]? = nil, principalIdClaim: String? = nil) {
            self.clientIds = clientIds
            self.principalIdClaim = principalIdClaim
        }

        public func validate(name: String) throws {
            try self.clientIds?.forEach {
                try validate($0, name: "clientIds[]", parent: name, max: 255)
                try validate($0, name: "clientIds[]", parent: name, min: 1)
                try validate($0, name: "clientIds[]", parent: name, pattern: "^.*$")
            }
            try self.validate(self.clientIds, name: "clientIds", parent: name, max: 1000)
            try self.validate(self.principalIdClaim, name: "principalIdClaim", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case principalIdClaim = "principalIdClaim"
        }
    }

    public struct OpenIdConnectIdentityTokenConfigurationDetail: AWSDecodableShape {
        /// The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213.
        public let clientIds: [String]?
        /// The claim that determines the principal in OIDC access tokens. For example, sub.
        public let principalIdClaim: String?

        @inlinable
        public init(clientIds: [String]? = nil, principalIdClaim: String? = nil) {
            self.clientIds = clientIds
            self.principalIdClaim = principalIdClaim
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case principalIdClaim = "principalIdClaim"
        }
    }

    public struct OpenIdConnectIdentityTokenConfigurationItem: AWSDecodableShape {
        /// The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213.
        public let clientIds: [String]?
        /// The claim that determines the principal in OIDC access tokens. For example, sub.
        public let principalIdClaim: String?

        @inlinable
        public init(clientIds: [String]? = nil, principalIdClaim: String? = nil) {
            self.clientIds = clientIds
            self.principalIdClaim = principalIdClaim
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case principalIdClaim = "principalIdClaim"
        }
    }

    public struct PolicyFilter: AWSEncodableShape {
        /// Filters the output to only template-linked policies that were instantiated from the specified policy template.
        public let policyTemplateId: String?
        /// Filters the output to only policies of the specified type.
        public let policyType: PolicyType?
        /// Filters the output to only policies that reference the specified principal.
        public let principal: EntityReference?
        /// Filters the output to only policies that reference the specified resource.
        public let resource: EntityReference?

        @inlinable
        public init(policyTemplateId: String? = nil, policyType: PolicyType? = nil, principal: EntityReference? = nil, resource: EntityReference? = nil) {
            self.policyTemplateId = policyTemplateId
            self.policyType = policyType
            self.principal = principal
            self.resource = resource
        }

        public func validate(name: String) throws {
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, max: 200)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, min: 1)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.principal?.validate(name: "\(name).principal")
            try self.resource?.validate(name: "\(name).resource")
        }

        private enum CodingKeys: String, CodingKey {
            case policyTemplateId = "policyTemplateId"
            case policyType = "policyType"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct PolicyItem: AWSDecodableShape {
        /// The action that a policy permits or forbids. For example, {"actions": [{"actionId": "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID": "SharePhoto", "entityType": "PhotoFlash::Action"}]}.
        public let actions: [ActionIdentifier]?
        /// The date and time the policy was created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The policy definition of an item in the list of policies returned.
        public let definition: PolicyDefinitionItem
        /// The effect of the decision that a policy returns to an authorization request. For example, "effect": "Permit".
        public let effect: PolicyEffect?
        /// The date and time the policy was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The identifier of the policy you want information about.
        public let policyId: String
        /// The identifier of the policy store where the policy you want information about is stored.
        public let policyStoreId: String
        /// The type of the policy. This is one of the following values:    STATIC     TEMPLATE_LINKED
        public let policyType: PolicyType
        /// The principal associated with the policy.
        public let principal: EntityIdentifier?
        /// The resource associated with the policy.
        public let resource: EntityIdentifier?

        @inlinable
        public init(actions: [ActionIdentifier]? = nil, createdDate: Date, definition: PolicyDefinitionItem, effect: PolicyEffect? = nil, lastUpdatedDate: Date, policyId: String, policyStoreId: String, policyType: PolicyType, principal: EntityIdentifier? = nil, resource: EntityIdentifier? = nil) {
            self.actions = actions
            self.createdDate = createdDate
            self.definition = definition
            self.effect = effect
            self.lastUpdatedDate = lastUpdatedDate
            self.policyId = policyId
            self.policyStoreId = policyStoreId
            self.policyType = policyType
            self.principal = principal
            self.resource = resource
        }

        private enum CodingKeys: String, CodingKey {
            case actions = "actions"
            case createdDate = "createdDate"
            case definition = "definition"
            case effect = "effect"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
            case policyType = "policyType"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct PolicyStoreItem: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the policy store.
        public let arn: String
        /// The date and time the policy was created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// Descriptive text that you can provide to help with identification of the current policy store.
        public let description: String?
        /// The date and time the policy store was most recently updated.
        @OptionalCustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date?
        /// The unique identifier of the policy store.
        public let policyStoreId: String

        @inlinable
        public init(arn: String, createdDate: Date, description: String? = nil, lastUpdatedDate: Date? = nil, policyStoreId: String) {
            self.arn = arn
            self.createdDate = createdDate
            self.description = description
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case createdDate = "createdDate"
            case description = "description"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct PolicyTemplateItem: AWSDecodableShape {
        /// The date and time that the policy template was created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The description attached to the policy template.
        public let description: String?
        /// The date and time that the policy template was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The unique identifier of the policy store that contains the template.
        public let policyStoreId: String
        /// The unique identifier of the policy template.
        public let policyTemplateId: String

        @inlinable
        public init(createdDate: Date, description: String? = nil, lastUpdatedDate: Date, policyStoreId: String, policyTemplateId: String) {
            self.createdDate = createdDate
            self.description = description
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
            self.policyTemplateId = policyTemplateId
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "createdDate"
            case description = "description"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
            case policyTemplateId = "policyTemplateId"
        }
    }

    public struct PutSchemaInput: AWSEncodableShape {
        /// Specifies the definition of the schema to be stored. The schema definition must be written in Cedar schema JSON.
        public let definition: SchemaDefinition
        /// Specifies the ID of the policy store in which to place the schema.
        public let policyStoreId: String

        @inlinable
        public init(definition: SchemaDefinition, policyStoreId: String) {
            self.definition = definition
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.definition.validate(name: "\(name).definition")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case definition = "definition"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct PutSchemaOutput: AWSDecodableShape {
        /// The date and time that the schema was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The date and time that the schema was last updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// Identifies the namespaces of the entities referenced by this schema.
        public let namespaces: [String]
        /// The unique ID of the policy store that contains the schema.
        public let policyStoreId: String

        @inlinable
        public init(createdDate: Date, lastUpdatedDate: Date, namespaces: [String], policyStoreId: String) {
            self.createdDate = createdDate
            self.lastUpdatedDate = lastUpdatedDate
            self.namespaces = namespaces
            self.policyStoreId = policyStoreId
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "createdDate"
            case lastUpdatedDate = "lastUpdatedDate"
            case namespaces = "namespaces"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct ResourceConflict: AWSDecodableShape {
        /// The unique identifier of the resource involved in a conflict.
        public let resourceId: String
        /// The type of the resource involved in a conflict.
        public let resourceType: ResourceType

        @inlinable
        public init(resourceId: String, resourceType: ResourceType) {
            self.resourceId = resourceId
            self.resourceType = resourceType
        }

        private enum CodingKeys: String, CodingKey {
            case resourceId = "resourceId"
            case resourceType = "resourceType"
        }
    }

    public struct ResourceNotFoundException: AWSErrorShape {
        public let message: String
        /// The unique ID of the resource referenced in the failed request.
        public let resourceId: String
        /// The resource type of the resource referenced in the failed request.
        public let resourceType: ResourceType

        @inlinable
        public init(message: String, resourceId: String, resourceType: ResourceType) {
            self.message = message
            self.resourceId = resourceId
            self.resourceType = resourceType
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case resourceId = "resourceId"
            case resourceType = "resourceType"
        }
    }

    public struct ServiceQuotaExceededException: AWSErrorShape {
        public let message: String
        /// The quota code recognized by the Amazon Web Services Service Quotas service.
        public let quotaCode: String?
        /// The unique ID of the resource referenced in the failed request.
        public let resourceId: String?
        /// The resource type of the resource referenced in the failed request.
        public let resourceType: ResourceType
        /// The code for the Amazon Web Services service that owns the quota.
        public let serviceCode: String?

        @inlinable
        public init(message: String, quotaCode: String? = nil, resourceId: String? = nil, resourceType: ResourceType, serviceCode: String? = nil) {
            self.message = message
            self.quotaCode = quotaCode
            self.resourceId = resourceId
            self.resourceType = resourceType
            self.serviceCode = serviceCode
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case quotaCode = "quotaCode"
            case resourceId = "resourceId"
            case resourceType = "resourceType"
            case serviceCode = "serviceCode"
        }
    }

    public struct StaticPolicyDefinition: AWSEncodableShape {
        /// The description of the static policy.
        public let description: String?
        /// The policy content of the static policy, written in the Cedar policy language.
        public let statement: String

        @inlinable
        public init(description: String? = nil, statement: String) {
            self.description = description
            self.statement = statement
        }

        public func validate(name: String) throws {
            try self.validate(self.description, name: "description", parent: name, max: 150)
            try self.validate(self.statement, name: "statement", parent: name, max: 10000)
            try self.validate(self.statement, name: "statement", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case description = "description"
            case statement = "statement"
        }
    }

    public struct StaticPolicyDefinitionDetail: AWSDecodableShape {
        /// A description of the static policy.
        public let description: String?
        /// The content of the static policy written in the Cedar policy language.
        public let statement: String

        @inlinable
        public init(description: String? = nil, statement: String) {
            self.description = description
            self.statement = statement
        }

        private enum CodingKeys: String, CodingKey {
            case description = "description"
            case statement = "statement"
        }
    }

    public struct StaticPolicyDefinitionItem: AWSDecodableShape {
        /// A description of the static policy.
        public let description: String?

        @inlinable
        public init(description: String? = nil) {
            self.description = description
        }

        private enum CodingKeys: String, CodingKey {
            case description = "description"
        }
    }

    public struct TagResourceInput: AWSEncodableShape {
        /// The ARN of the resource that you're adding tags to.
        public let resourceArn: String
        /// The list of key-value pairs to associate with the resource.
        public let tags: [String: String]

        @inlinable
        public init(resourceArn: String, tags: [String: String]) {
            self.resourceArn = resourceArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.tags.forEach {
                try validate($0.key, name: "tags.key", parent: name, max: 128)
                try validate($0.key, name: "tags.key", parent: name, min: 1)
                try validate($0.value, name: "tags[\"\($0.key)\"]", parent: name, max: 256)
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 200)
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "resourceArn"
            case tags = "tags"
        }
    }

    public struct TagResourceOutput: AWSDecodableShape {
        public init() {}
    }

    public struct TemplateLinkedPolicyDefinition: AWSEncodableShape {
        /// The unique identifier of the policy template used to create this policy.
        public let policyTemplateId: String
        /// The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the ?principal placeholder in the policy template when it evaluates an authorization request.
        public let principal: EntityIdentifier?
        /// The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the ?resource placeholder in the policy template when it evaluates an authorization request.
        public let resource: EntityIdentifier?

        @inlinable
        public init(policyTemplateId: String, principal: EntityIdentifier? = nil, resource: EntityIdentifier? = nil) {
            self.policyTemplateId = policyTemplateId
            self.principal = principal
            self.resource = resource
        }

        public func validate(name: String) throws {
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, max: 200)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, min: 1)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.principal?.validate(name: "\(name).principal")
            try self.resource?.validate(name: "\(name).resource")
        }

        private enum CodingKeys: String, CodingKey {
            case policyTemplateId = "policyTemplateId"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct TemplateLinkedPolicyDefinitionDetail: AWSDecodableShape {
        /// The unique identifier of the policy template used to create this policy.
        public let policyTemplateId: String
        /// The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the ?principal placeholder in the policy template when it evaluates an authorization request.
        public let principal: EntityIdentifier?
        /// The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the ?resource placeholder in the policy template when it evaluates an authorization request.
        public let resource: EntityIdentifier?

        @inlinable
        public init(policyTemplateId: String, principal: EntityIdentifier? = nil, resource: EntityIdentifier? = nil) {
            self.policyTemplateId = policyTemplateId
            self.principal = principal
            self.resource = resource
        }

        private enum CodingKeys: String, CodingKey {
            case policyTemplateId = "policyTemplateId"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct TemplateLinkedPolicyDefinitionItem: AWSDecodableShape {
        /// The unique identifier of the policy template used to create this policy.
        public let policyTemplateId: String
        /// The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the ?principal placeholder in the policy template when it evaluates an authorization request.
        public let principal: EntityIdentifier?
        /// The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the ?resource placeholder in the policy template when it evaluates an authorization request.
        public let resource: EntityIdentifier?

        @inlinable
        public init(policyTemplateId: String, principal: EntityIdentifier? = nil, resource: EntityIdentifier? = nil) {
            self.policyTemplateId = policyTemplateId
            self.principal = principal
            self.resource = resource
        }

        private enum CodingKeys: String, CodingKey {
            case policyTemplateId = "policyTemplateId"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct ThrottlingException: AWSErrorShape {
        public let message: String
        /// The quota code recognized by the Amazon Web Services Service Quotas service.
        public let quotaCode: String?
        /// The code for the Amazon Web Services service that owns the quota.
        public let serviceCode: String?

        @inlinable
        public init(message: String, quotaCode: String? = nil, serviceCode: String? = nil) {
            self.message = message
            self.quotaCode = quotaCode
            self.serviceCode = serviceCode
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case quotaCode = "quotaCode"
            case serviceCode = "serviceCode"
        }
    }

    public struct TooManyTagsException: AWSErrorShape {
        public let message: String?
        public let resourceName: String?

        @inlinable
        public init(message: String? = nil, resourceName: String? = nil) {
            self.message = message
            self.resourceName = resourceName
        }

        private enum CodingKeys: String, CodingKey {
            case message = "message"
            case resourceName = "resourceName"
        }
    }

    public struct UntagResourceInput: AWSEncodableShape {
        /// The ARN of the resource from which you are removing tags.
        public let resourceArn: String
        /// The list of tag keys to remove from the resource.
        public let tagKeys: [String]

        @inlinable
        public init(resourceArn: String, tagKeys: [String]) {
            self.resourceArn = resourceArn
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 1)
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
            }
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, max: 200)
            try self.validate(self.tagKeys, name: "tagKeys", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "resourceArn"
            case tagKeys = "tagKeys"
        }
    }

    public struct UntagResourceOutput: AWSDecodableShape {
        public init() {}
    }

    public struct UpdateCognitoGroupConfiguration: AWSEncodableShape {
        /// The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup.
        public let groupEntityType: String

        @inlinable
        public init(groupEntityType: String) {
            self.groupEntityType = groupEntityType
        }

        public func validate(name: String) throws {
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, max: 200)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, min: 1)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, pattern: "^([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupEntityType = "groupEntityType"
        }
    }

    public struct UpdateCognitoUserPoolConfiguration: AWSEncodableShape {
        /// The client ID of an app client that is configured for the specified Amazon Cognito user pool.
        public let clientIds: [String]?
        /// The configuration of the user groups from an Amazon Cognito user pool identity source.
        public let groupConfiguration: UpdateCognitoGroupConfiguration?
        /// The Amazon Resource Name (ARN) of the Amazon Cognito user pool associated with this identity source.
        public let userPoolArn: String

        @inlinable
        public init(clientIds: [String]? = nil, groupConfiguration: UpdateCognitoGroupConfiguration? = nil, userPoolArn: String) {
            self.clientIds = clientIds
            self.groupConfiguration = groupConfiguration
            self.userPoolArn = userPoolArn
        }

        public func validate(name: String) throws {
            try self.clientIds?.forEach {
                try validate($0, name: "clientIds[]", parent: name, max: 255)
                try validate($0, name: "clientIds[]", parent: name, min: 1)
                try validate($0, name: "clientIds[]", parent: name, pattern: "^.*$")
            }
            try self.validate(self.clientIds, name: "clientIds", parent: name, max: 1000)
            try self.groupConfiguration?.validate(name: "\(name).groupConfiguration")
            try self.validate(self.userPoolArn, name: "userPoolArn", parent: name, max: 255)
            try self.validate(self.userPoolArn, name: "userPoolArn", parent: name, min: 1)
            try self.validate(self.userPoolArn, name: "userPoolArn", parent: name, pattern: "^arn:[a-zA-Z0-9-]+:cognito-idp:(([a-zA-Z0-9-]+:\\d{12}:userpool/[\\w-]+_[0-9a-zA-Z]+))$")
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case groupConfiguration = "groupConfiguration"
            case userPoolArn = "userPoolArn"
        }
    }

    public struct UpdateIdentitySourceInput: AWSEncodableShape {
        /// Specifies the ID of the identity source that you want to update.
        public let identitySourceId: String
        /// Specifies the ID of the policy store that contains the identity source that you want to update.
        public let policyStoreId: String
        /// Specifies the data type of principals generated for identities authenticated by the identity source.
        public let principalEntityType: String?
        /// Specifies the details required to communicate with the identity provider (IdP) associated with this identity source.
        public let updateConfiguration: UpdateConfiguration

        @inlinable
        public init(identitySourceId: String, policyStoreId: String, principalEntityType: String? = nil, updateConfiguration: UpdateConfiguration) {
            self.identitySourceId = identitySourceId
            self.policyStoreId = policyStoreId
            self.principalEntityType = principalEntityType
            self.updateConfiguration = updateConfiguration
        }

        public func validate(name: String) throws {
            try self.validate(self.identitySourceId, name: "identitySourceId", parent: name, max: 200)
            try self.validate(self.identitySourceId, name: "identitySourceId", parent: name, min: 1)
            try self.validate(self.identitySourceId, name: "identitySourceId", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.validate(self.principalEntityType, name: "principalEntityType", parent: name, max: 200)
            try self.validate(self.principalEntityType, name: "principalEntityType", parent: name, min: 1)
            try self.validate(self.principalEntityType, name: "principalEntityType", parent: name, pattern: "^.*$")
            try self.updateConfiguration.validate(name: "\(name).updateConfiguration")
        }

        private enum CodingKeys: String, CodingKey {
            case identitySourceId = "identitySourceId"
            case policyStoreId = "policyStoreId"
            case principalEntityType = "principalEntityType"
            case updateConfiguration = "updateConfiguration"
        }
    }

    public struct UpdateIdentitySourceOutput: AWSDecodableShape {
        /// The date and time that the updated identity source was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The ID of the updated identity source.
        public let identitySourceId: String
        /// The date and time that the identity source was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The ID of the policy store that contains the updated identity source.
        public let policyStoreId: String

        @inlinable
        public init(createdDate: Date, identitySourceId: String, lastUpdatedDate: Date, policyStoreId: String) {
            self.createdDate = createdDate
            self.identitySourceId = identitySourceId
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "createdDate"
            case identitySourceId = "identitySourceId"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct UpdateOpenIdConnectAccessTokenConfiguration: AWSEncodableShape {
        /// The access token aud claim values that you want to accept in your policy store. For example, https://myapp.example.com, https://myapp2.example.com.
        public let audiences: [String]?
        /// The claim that determines the principal in OIDC access tokens. For example, sub.
        public let principalIdClaim: String?

        @inlinable
        public init(audiences: [String]? = nil, principalIdClaim: String? = nil) {
            self.audiences = audiences
            self.principalIdClaim = principalIdClaim
        }

        public func validate(name: String) throws {
            try self.audiences?.forEach {
                try validate($0, name: "audiences[]", parent: name, max: 255)
                try validate($0, name: "audiences[]", parent: name, min: 1)
            }
            try self.validate(self.audiences, name: "audiences", parent: name, max: 255)
            try self.validate(self.audiences, name: "audiences", parent: name, min: 1)
            try self.validate(self.principalIdClaim, name: "principalIdClaim", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case audiences = "audiences"
            case principalIdClaim = "principalIdClaim"
        }
    }

    public struct UpdateOpenIdConnectConfiguration: AWSEncodableShape {
        /// A descriptive string that you want to prefix to user entities from your OIDC identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider, you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos.
        public let entityIdPrefix: String?
        /// The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.
        public let groupConfiguration: UpdateOpenIdConnectGroupConfiguration?
        /// The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration.
        public let issuer: String
        /// The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
        public let tokenSelection: UpdateOpenIdConnectTokenSelection

        @inlinable
        public init(entityIdPrefix: String? = nil, groupConfiguration: UpdateOpenIdConnectGroupConfiguration? = nil, issuer: String, tokenSelection: UpdateOpenIdConnectTokenSelection) {
            self.entityIdPrefix = entityIdPrefix
            self.groupConfiguration = groupConfiguration
            self.issuer = issuer
            self.tokenSelection = tokenSelection
        }

        public func validate(name: String) throws {
            try self.validate(self.entityIdPrefix, name: "entityIdPrefix", parent: name, max: 100)
            try self.validate(self.entityIdPrefix, name: "entityIdPrefix", parent: name, min: 1)
            try self.groupConfiguration?.validate(name: "\(name).groupConfiguration")
            try self.validate(self.issuer, name: "issuer", parent: name, max: 2048)
            try self.validate(self.issuer, name: "issuer", parent: name, min: 1)
            try self.validate(self.issuer, name: "issuer", parent: name, pattern: "^https://.*$")
            try self.tokenSelection.validate(name: "\(name).tokenSelection")
        }

        private enum CodingKeys: String, CodingKey {
            case entityIdPrefix = "entityIdPrefix"
            case groupConfiguration = "groupConfiguration"
            case issuer = "issuer"
            case tokenSelection = "tokenSelection"
        }
    }

    public struct UpdateOpenIdConnectGroupConfiguration: AWSEncodableShape {
        /// The token claim that you want Verified Permissions to interpret as group membership. For example, groups.
        public let groupClaim: String
        /// The policy store entity type that you want to map your users' group claim to. For example, MyCorp::UserGroup. A group entity type is an entity that can have a user entity type as a member.
        public let groupEntityType: String

        @inlinable
        public init(groupClaim: String, groupEntityType: String) {
            self.groupClaim = groupClaim
            self.groupEntityType = groupEntityType
        }

        public func validate(name: String) throws {
            try self.validate(self.groupClaim, name: "groupClaim", parent: name, min: 1)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, max: 200)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, min: 1)
            try self.validate(self.groupEntityType, name: "groupEntityType", parent: name, pattern: "^([_a-zA-Z][_a-zA-Z0-9]*::)*[_a-zA-Z][_a-zA-Z0-9]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case groupClaim = "groupClaim"
            case groupEntityType = "groupEntityType"
        }
    }

    public struct UpdateOpenIdConnectIdentityTokenConfiguration: AWSEncodableShape {
        /// The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213.
        public let clientIds: [String]?
        /// The claim that determines the principal in OIDC access tokens. For example, sub.
        public let principalIdClaim: String?

        @inlinable
        public init(clientIds: [String]? = nil, principalIdClaim: String? = nil) {
            self.clientIds = clientIds
            self.principalIdClaim = principalIdClaim
        }

        public func validate(name: String) throws {
            try self.clientIds?.forEach {
                try validate($0, name: "clientIds[]", parent: name, max: 255)
                try validate($0, name: "clientIds[]", parent: name, min: 1)
                try validate($0, name: "clientIds[]", parent: name, pattern: "^.*$")
            }
            try self.validate(self.clientIds, name: "clientIds", parent: name, max: 1000)
            try self.validate(self.principalIdClaim, name: "principalIdClaim", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case clientIds = "clientIds"
            case principalIdClaim = "principalIdClaim"
        }
    }

    public struct UpdatePolicyInput: AWSEncodableShape {
        /// Specifies the updated policy content that you want to replace on the specified policy. The content must be valid Cedar policy language text. You can change only the following elements from the policy definition:   The action referenced by the policy.   Any conditional clauses, such as when or unless clauses.   You can't change the following elements:   Changing from static to templateLinked.   Changing the effect of the policy from permit or forbid.   The principal referenced by the policy.   The resource referenced by the policy.
        public let definition: UpdatePolicyDefinition
        /// Specifies the ID of the policy that you want to update. To find this value, you can use ListPolicies.
        public let policyId: String
        /// Specifies the ID of the policy store that contains the policy that you want to update.
        public let policyStoreId: String

        @inlinable
        public init(definition: UpdatePolicyDefinition, policyId: String, policyStoreId: String) {
            self.definition = definition
            self.policyId = policyId
            self.policyStoreId = policyStoreId
        }

        public func validate(name: String) throws {
            try self.definition.validate(name: "\(name).definition")
            try self.validate(self.policyId, name: "policyId", parent: name, max: 200)
            try self.validate(self.policyId, name: "policyId", parent: name, min: 1)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^[a-zA-Z0-9-]*$")
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case definition = "definition"
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct UpdatePolicyOutput: AWSDecodableShape {
        /// The action that a policy permits or forbids. For example, {"actions": [{"actionId": "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID": "SharePhoto", "entityType": "PhotoFlash::Action"}]}.
        public let actions: [ActionIdentifier]?
        /// The date and time that the policy was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The effect of the decision that a policy returns to an authorization request. For example, "effect": "Permit".
        public let effect: PolicyEffect?
        /// The date and time that the policy was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The ID of the policy that was updated.
        public let policyId: String
        /// The ID of the policy store that contains the policy that was updated.
        public let policyStoreId: String
        /// The type of the policy that was updated.
        public let policyType: PolicyType
        /// The principal specified in the policy's scope. This element isn't included in the response when Principal isn't present in the policy content.
        public let principal: EntityIdentifier?
        /// The resource specified in the policy's scope. This element isn't included in the response when Resource isn't present in the policy content.
        public let resource: EntityIdentifier?

        @inlinable
        public init(actions: [ActionIdentifier]? = nil, createdDate: Date, effect: PolicyEffect? = nil, lastUpdatedDate: Date, policyId: String, policyStoreId: String, policyType: PolicyType, principal: EntityIdentifier? = nil, resource: EntityIdentifier? = nil) {
            self.actions = actions
            self.createdDate = createdDate
            self.effect = effect
            self.lastUpdatedDate = lastUpdatedDate
            self.policyId = policyId
            self.policyStoreId = policyStoreId
            self.policyType = policyType
            self.principal = principal
            self.resource = resource
        }

        private enum CodingKeys: String, CodingKey {
            case actions = "actions"
            case createdDate = "createdDate"
            case effect = "effect"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyId = "policyId"
            case policyStoreId = "policyStoreId"
            case policyType = "policyType"
            case principal = "principal"
            case resource = "resource"
        }
    }

    public struct UpdatePolicyStoreInput: AWSEncodableShape {
        /// Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted. When you call UpdatePolicyStore, this parameter is unchanged unless explicitly included in the call.
        public let deletionProtection: DeletionProtection?
        /// Descriptive text that you can provide to help with identification of the current policy store.
        public let description: String?
        /// Specifies the ID of the policy store that you want to update
        public let policyStoreId: String
        /// A structure that defines the validation settings that want to enable for the policy store.
        public let validationSettings: ValidationSettings

        @inlinable
        public init(deletionProtection: DeletionProtection? = nil, description: String? = nil, policyStoreId: String, validationSettings: ValidationSettings) {
            self.deletionProtection = deletionProtection
            self.description = description
            self.policyStoreId = policyStoreId
            self.validationSettings = validationSettings
        }

        public func validate(name: String) throws {
            try self.validate(self.description, name: "description", parent: name, max: 150)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case deletionProtection = "deletionProtection"
            case description = "description"
            case policyStoreId = "policyStoreId"
            case validationSettings = "validationSettings"
        }
    }

    public struct UpdatePolicyStoreOutput: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the updated policy store.
        public let arn: String
        /// The date and time that the policy store was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The date and time that the policy store was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The ID of the updated policy store.
        public let policyStoreId: String

        @inlinable
        public init(arn: String, createdDate: Date, lastUpdatedDate: Date, policyStoreId: String) {
            self.arn = arn
            self.createdDate = createdDate
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "arn"
            case createdDate = "createdDate"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
        }
    }

    public struct UpdatePolicyTemplateInput: AWSEncodableShape {
        /// Specifies a new description to apply to the policy template.
        public let description: String?
        /// Specifies the ID of the policy store that contains the policy template that you want to update.
        public let policyStoreId: String
        /// Specifies the ID of the policy template that you want to update.
        public let policyTemplateId: String
        /// Specifies new statement content written in Cedar policy language to replace the current body of the policy template. You can change only the following elements of the policy body:   The action referenced by the policy template.   Any conditional clauses, such as when or unless clauses.   You can't change the following elements:   The effect (permit or forbid) of the policy template.   The principal referenced by the policy template.   The resource referenced by the policy template.
        public let statement: String

        @inlinable
        public init(description: String? = nil, policyStoreId: String, policyTemplateId: String, statement: String) {
            self.description = description
            self.policyStoreId = policyStoreId
            self.policyTemplateId = policyTemplateId
            self.statement = statement
        }

        public func validate(name: String) throws {
            try self.validate(self.description, name: "description", parent: name, max: 150)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, max: 200)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, min: 1)
            try self.validate(self.policyStoreId, name: "policyStoreId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, max: 200)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, min: 1)
            try self.validate(self.policyTemplateId, name: "policyTemplateId", parent: name, pattern: "^[a-zA-Z0-9-/_]*$")
            try self.validate(self.statement, name: "statement", parent: name, max: 10000)
            try self.validate(self.statement, name: "statement", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case description = "description"
            case policyStoreId = "policyStoreId"
            case policyTemplateId = "policyTemplateId"
            case statement = "statement"
        }
    }

    public struct UpdatePolicyTemplateOutput: AWSDecodableShape {
        /// The date and time that the policy template was originally created.
        @CustomCoding<ISO8601DateCoder>
        public var createdDate: Date
        /// The date and time that the policy template was most recently updated.
        @CustomCoding<ISO8601DateCoder>
        public var lastUpdatedDate: Date
        /// The ID of the policy store that contains the updated policy template.
        public let policyStoreId: String
        /// The ID of the updated policy template.
        public let policyTemplateId: String

        @inlinable
        public init(createdDate: Date, lastUpdatedDate: Date, policyStoreId: String, policyTemplateId: String) {
            self.createdDate = createdDate
            self.lastUpdatedDate = lastUpdatedDate
            self.policyStoreId = policyStoreId
            self.policyTemplateId = policyTemplateId
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "createdDate"
            case lastUpdatedDate = "lastUpdatedDate"
            case policyStoreId = "policyStoreId"
            case policyTemplateId = "policyTemplateId"
        }
    }

    public struct UpdateStaticPolicyDefinition: AWSEncodableShape {
        /// Specifies the description to be added to or replaced on the static policy.
        public let description: String?
        /// Specifies the Cedar policy language text to be added to or replaced on the static policy.  You can change only the following elements from the original content:   The action referenced by the policy.   Any conditional clauses, such as when or unless clauses.   You can't change the following elements:   Changing from StaticPolicy to TemplateLinkedPolicy.   The effect (permit or forbid) of the policy.   The principal referenced by the policy.   The resource referenced by the policy.
        public let statement: String

        @inlinable
        public init(description: String? = nil, statement: String) {
            self.description = description
            self.statement = statement
        }

        public func validate(name: String) throws {
            try self.validate(self.description, name: "description", parent: name, max: 150)
            try self.validate(self.statement, name: "statement", parent: name, max: 10000)
            try self.validate(self.statement, name: "statement", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case description = "description"
            case statement = "statement"
        }
    }

    public struct ValidationSettings: AWSEncodableShape & AWSDecodableShape {
        /// The validation mode currently configured for this policy store. The valid values are:    OFF – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.    STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.    If Mode=STRICT and the policy store doesn't contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.  To submit a static policy or policy template without a schema, you must turn off validation.
        public let mode: ValidationMode

        @inlinable
        public init(mode: ValidationMode) {
            self.mode = mode
        }

        private enum CodingKeys: String, CodingKey {
            case mode = "mode"
        }
    }

    public struct SchemaDefinition: AWSEncodableShape {
        /// A JSON string representation of the schema supported by applications that use this policy store. To delete the schema, run PutSchema with {} for this parameter. For more information, see Policy store schema in the Amazon Verified Permissions User Guide.
        public let cedarJson: String?

        @inlinable
        public init(cedarJson: String? = nil) {
            self.cedarJson = cedarJson
        }

        public func validate(name: String) throws {
            try self.validate(self.cedarJson, name: "cedarJson", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case cedarJson = "cedarJson"
        }
    }

    public struct UpdatePolicyDefinition: AWSEncodableShape {
        /// Contains details about the updates to be applied to a static policy.
        public let `static`: UpdateStaticPolicyDefinition?

        @inlinable
        public init(static: UpdateStaticPolicyDefinition? = nil) {
            self.`static` = `static`
        }

        public func validate(name: String) throws {
            try self.`static`?.validate(name: "\(name).`static`")
        }

        private enum CodingKeys: String, CodingKey {
            case `static` = "static"
        }
    }
}

// MARK: - Errors

/// Error enum for VerifiedPermissions
public struct VerifiedPermissionsErrorType: AWSErrorType {
    enum Code: String {
        case accessDeniedException = "AccessDeniedException"
        case conflictException = "ConflictException"
        case internalServerException = "InternalServerException"
        case invalidStateException = "InvalidStateException"
        case resourceNotFoundException = "ResourceNotFoundException"
        case serviceQuotaExceededException = "ServiceQuotaExceededException"
        case throttlingException = "ThrottlingException"
        case tooManyTagsException = "TooManyTagsException"
        case validationException = "ValidationException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize VerifiedPermissions
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// You don't have sufficient access to perform this action.
    public static var accessDeniedException: Self { .init(.accessDeniedException) }
    /// The request failed because another request to modify a resource occurred at the same.
    public static var conflictException: Self { .init(.conflictException) }
    /// The request failed because of an internal error. Try your request again later
    public static var internalServerException: Self { .init(.internalServerException) }
    /// The policy store can't be deleted because deletion protection is enabled. To delete this policy store, disable deletion protection.
    public static var invalidStateException: Self { .init(.invalidStateException) }
    /// The request failed because it references a resource that doesn't exist.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
    /// The request failed because it would cause a service quota to be exceeded.
    public static var serviceQuotaExceededException: Self { .init(.serviceQuotaExceededException) }
    /// The request failed because it exceeded a throttling quota.
    public static var throttlingException: Self { .init(.throttlingException) }
    /// No more tags be added because the limit (50) has been reached. To add new tags, use UntagResource to remove existing tags.
    public static var tooManyTagsException: Self { .init(.tooManyTagsException) }
    /// The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid. The possible reasons include the following:    UnrecognizedEntityType  The policy includes an entity type that isn't found in the schema.    UnrecognizedActionId  The policy includes an action id that isn't found in the schema.    InvalidActionApplication  The policy includes an action that, according to the schema, doesn't support the specified principal and resource.    UnexpectedType  The policy included an operand that isn't a valid type for the specified operation.    IncompatibleTypes  The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.    MissingAttribute  The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator in the Cedar Policy Language Guide.    UnsafeOptionalAttributeAccess  The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator in the Cedar Policy Language Guide.    ImpossiblePolicy  Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.    WrongNumberArguments  The policy references an extension type with the wrong number of arguments.    FunctionArgumentValidationError  Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
    public static var validationException: Self { .init(.validationException) }
}

extension VerifiedPermissionsErrorType: AWSServiceErrorType {
    public static let errorCodeMap: [String: AWSErrorShape.Type] = [
        "ConflictException": VerifiedPermissions.ConflictException.self,
        "ResourceNotFoundException": VerifiedPermissions.ResourceNotFoundException.self,
        "ServiceQuotaExceededException": VerifiedPermissions.ServiceQuotaExceededException.self,
        "ThrottlingException": VerifiedPermissions.ThrottlingException.self,
        "TooManyTagsException": VerifiedPermissions.TooManyTagsException.self
    ]
}

extension VerifiedPermissionsErrorType: Equatable {
    public static func == (lhs: VerifiedPermissionsErrorType, rhs: VerifiedPermissionsErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension VerifiedPermissionsErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
